CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ibmrational_directory_administrator
6.0
ibmrational_directory_administrator
6.0.0.1
ibmrational_directory_server
5.1.1
ibmrational_directory_server
5.1.1.1
ibmrational_directory_server
5.1.1.2
ibmrational_directory_server
5.2
ibmrational_directory_server
5.2.0.1
ibmrational_directory_server
5.2.0.2
ibmrational_directory_server
5.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21681554
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255
http://www-01.ibm.com/support/docview.wss?uid=swg21681554
http://www.securityfocus.com/bid/69300
https://exchange.xforce.ibmcloud.com/vulnerabilities/94255