CVE-2014-6146

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
ibmsterling_b2b_integrator
5.2.1
ibmsterling_b2b_integrator
5.2.2
ibmsterling_b2b_integrator
5.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/62190
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04337
http://www-01.ibm.com/support/docview.wss?uid=swg21689082
https://exchange.xforce.ibmcloud.com/vulnerabilities/96916
http://secunia.com/advisories/62190
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04337
http://www-01.ibm.com/support/docview.wss?uid=swg21689082
https://exchange.xforce.ibmcloud.com/vulnerabilities/96916