CVE-2017-1207

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Integration BUSIBM Websphere Message Broker
Timeline
PublishedJul 5
Latest updateMay 13

Description

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5ibm/integration_bus10.0, 9.0+1
NVDibm/integration_bus16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-c4pv-cxp6-v96j: IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user2022-05-13
CVEList
CVE-2017-1207: IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user2017-07-05

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure2017-06-23
CVE-2017-1207 (MEDIUM CVSS 5.5) | IBM WebSphere Message Broker stores | cvebase.io