5

CVE-2014-4875

EPSS 0.31%
Veröffentlicht 24.06.2015 10:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Toshiba ≫ Chec Version <= 6.6

Toshiba ≫ Chec Version6.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.535

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.kb.cert.org/vuls/id/301788

Third Party Advisory

US Government Resource

http://www.kb.cert.org/vuls/id/JLAD-9X4SPN

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2014-4875

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4875

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4875

EUVD