Vulnerability Details

ID: CVE-2014-0646

HPI
BUGTRAQ

Last Modified: May 2, 2014

Open in new window

Description

The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.

CVSS V2

Access Vector: Local

Access Complexity: Medium

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 6.9

Exploitability Score: 3.4

Impact Score: 10.0

CVSS V2: AV:L/AC:M/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-ID

CWE-310

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:emc:rsa_access_manager:6.2:sp1:::::: Part: a Product: rsa_access_manager Update: sp1 Vendor: emc Version: 6.2	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_access_manager:6.1:sp4:::::: Part: a Product: rsa_access_manager Update: sp4 Vendor: emc Version: 6.1	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_access_manager:6.1:sp3:::::: Part: a Product: rsa_access_manager Update: sp3 Vendor: emc Version: 6.1	Alle Schwachstellen für emc
	cpe:2.3:a:emc:rsa_access_manager:6.2:-:::::: Part: a Product: rsa_access_manager Update: - Vendor: emc Version: 6.2	Alle Schwachstellen für emc

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:emc:rsa_access_manager:6.2:sp1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_access_manager:6.1:sp4:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_access_manager:6.1:sp3:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:emc:rsa_access_manager:6.2:-:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="local"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="local"/>
        <prop key="range" value="local"/>
    </set>
</set>