CVE-2014-6146

EUVD-2014-6032
IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
ibmsterling_b2b_integrator
5.2.1
ibmsterling_b2b_integrator
5.2.2
ibmsterling_b2b_integrator
5.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/62190
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04337
http://www-01.ibm.com/support/docview.wss?uid=swg21689082
https://exchange.xforce.ibmcloud.com/vulnerabilities/96916
http://secunia.com/advisories/62190
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04337
http://www-01.ibm.com/support/docview.wss?uid=swg21689082
https://exchange.xforce.ibmcloud.com/vulnerabilities/96916