CVE-2014-6134Sensitive Information Exposure in IBM Installation Manager

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
1.2LOWNVD
EPSS
0.1%
top 84.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Installation ManagerIBM Rational Clearcase
Timeline
PublishedMar 25
Latest updateMay 17

Description

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

NVDibm/rational_clearcase21 versions+20

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9pf4-6pr2-9j32: IBM Rational ClearCase 82022-05-17
CVEList
CVE-2014-6134: IBM Rational ClearCase 82015-03-25
CVE-2014-6134 — Sensitive Information Exposure in IBM | cvebase