CVE-2012-4862 - OpenCVE

The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Rational Developer For System Z

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_developer_for_system_z:7.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.4:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.1.0:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0.1:::::::*
	cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.1:::::::*

References

Link	Resource
http://secunia.com/advisories/51401
http://www.ibm.com/support/docview.wss?uid=swg21617886
http://www.securityfocus.com/bid/56725
http://www.securitytracker.com/id?1027818
https://exchange.xforce.ibmcloud.com/vulnerabilities/79919

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2012-12-05T11:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-09-06T00:00:00

Link: CVE-2012-4862

JSON object: View

NVD Information

Status : Modified

Published: 2012-12-05T11:57:14.977

Modified: 2017-08-29T01:32:24.150

Link: CVE-2012-4862

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "rdz-ssl-info-disclosure(79919)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}, {"name": "1027818", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027818"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"name": "51401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51401"}, {"name": "56725", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56725"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4862", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "rdz-ssl-info-disclosure(79919)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}, {"name": "1027818", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027818"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21617886", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"name": "51401", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51401"}, {"name": "56725", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56725"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4862", "datePublished": "2012-12-05T11:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A610A08-6976-4BD3-BEA3-07E4BB6479EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE7F88A-82CB-497B-9BF0-20FC6CC53A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0913793-B201-4A51-8F7C-09ABA999A47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4214C71-0E56-46FF-829A-3938BAD9DC2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CDAF6553-5CDF-460F-ADC5-7AE2FFA4320A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EE886B1-B143-4499-94BC-189AD7B503E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99ED2BD-F3C8-44E0-B95D-ADB5BC628066", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BD37E87-18CC-4ACB-BE92-8D063CEA2A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9607BF1B-8EFC-419D-84B2-537EA4B480D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEB98DA3-866B-4EFD-BBFF-E656BFE2D839", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C9F5302-926D-455B-9E04-8754687D4C5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65DE782-FE3A-408E-A486-5B33280B6F2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "095A59BB-9C5D-40D0-A57F-1162DBD858D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_system_z:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4798A47-D1B0-4172-981B-5A0F3C393923", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "El emulador Host Connect en IBM Rational Developer para System z v7.1 hasta v8.5.1 no almacena correctamente la contrase\u00f1a del certificado SSL, permitiendo a usuarios locales obtener informaci\u00f3n sensible mediante vectores no especificados."}], "id": "CVE-2012-4862", "lastModified": "2017-08-29T01:32:24.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-05T11:57:14.977", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/51401"}, {"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21617886"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/56725"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id?1027818"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79919"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}