CVE-2012-4832 — Sensitive Information Exposure in IBM Infosphere Business Glossary

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 75.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Business Glossary IBM Infosphere Information Server

Timeline

PublishedJan 31

Latest updateMay 17

Description

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/infosphere_information_server5 versions+4

▶NVDibm/infosphere_business_glossary8.1.1, 8.1.2+1

🔴Vulnerability Details

GHSA

GHSA-r8qp-r3h5-6cxg: Information Services Framework (ISF) in IBM InfoSphere Information Server 8↗2022-05-17

▶

CVEList

CVE-2012-4832: Information Services Framework (ISF) in IBM InfoSphere Information Server 8↗2013-01-31

▶