CVE-2016-5967

EPSS 0.05%
Veröffentlicht 25.11.2016 03:59:10
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Rational Asset Analyzer Version6.1.0

Ibm ≫ Rational Asset Analyzer Version6.1.0.1

Ibm ≫ Rational Asset Analyzer Version6.1.0.2

Ibm ≫ Rational Asset Analyzer Version6.1.0.3

Ibm ≫ Rational Asset Analyzer Version6.1.0.4

Ibm ≫ Rational Asset Analyzer Version6.1.0.5

Ibm ≫ Rational Asset Analyzer Version6.1.0.6

Ibm ≫ Rational Asset Analyzer Version6.1.0.7

Ibm ≫ Rational Asset Analyzer Version6.1.0.8

Ibm ≫ Rational Asset Analyzer Version6.1.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.129

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

http://www-01.ibm.com/support/docview.wss?uid=swg1PI61540

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21990215

Vendor Advisory

http://www.securityfocus.com/bid/93145

https://nvd.nist.gov/vuln/detail/CVE-2016-5967

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5967

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5967

EUVD