CVE-2014-0842: IBM Rational Focal Point vulnerability

CWE-255 | 3 documents | 3 sources
Severity
5.0 MEDIUM (NVD)
EPSS
0.2%
top 54.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 26
Latest update: May 17

Description

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/rational_focal_point (17 versions)

Patches

Vulnerability Details (2)

GHSA
GHSA-9jw5-f2mf-grfh: The account-creation functionality in IBM Rational Focal Point 6 (2022-05-17)
CVEList
CVE-2014-0842: The account-creation functionality in IBM Rational Focal Point 6 (2014-02-25)