CVE-2014-3089

EUVD-2014-3110
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
ibmrational_directory_administrator
6.0
ibmrational_directory_administrator
6.0.0.1
ibmrational_directory_server
5.1.1
ibmrational_directory_server
5.1.1.1
ibmrational_directory_server
5.1.1.2
ibmrational_directory_server
5.2
ibmrational_directory_server
5.2.0.1
ibmrational_directory_server
5.2.0.2
ibmrational_directory_server
5.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21681554
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255
http://www-01.ibm.com/support/docview.wss?uid=swg21681554
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255