CVE-2017-1204

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.2%

top 21.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tealeaf Customer Experience

Timeline

PublishedJan 26

Latest updateMay 14

Description

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/tealeaf_customer_experience8.7, 8.8, 9.0.2+2

▶NVDibm/tealeaf_customer_experience8.7, 8.8, 9.0.2+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: exchange.xforce.ibmcloud.com ↗

🔴Vulnerability Details

GHSA

GHSA-87gx-294q-7xrf: IBM Tealeaf Customer Experience 8↗2022-05-14

▶

CVEList

CVE-2017-1204: IBM Tealeaf Customer Experience 8↗2018-01-26

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read↗2017-06-23

▶