CVE-2017-1204 - OpenCVE

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Tealeaf Customer Experience

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:::::::*
	cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:::::::*

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg22006392	Patch Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22006455	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/123740	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-01-23T00:00:00

Updated: 2018-01-26T20:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1204

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-01-26T21:29:00.307

Modified: 2018-02-07T12:45:52.577

Link: CVE-2017-1204

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "Tealeaf Customer Experience", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0.2"}, {"status": "affected", "version": "8.7"}, {"status": "affected", "version": "8.8"}]}], "datePublic": "2018-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740."}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-26T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006392"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-23T00:00:00", "ID": "CVE-2017-1204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tealeaf Customer Experience", "version": {"version_data": [{"version_value": "9.0.2"}, {"version_value": "8.7"}, {"version_value": "8.8"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22006455", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22006392", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006392"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1204", "datePublished": "2018-01-23T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2018-01-26T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "41B6A77E-1686-44A6-B1E4-AC63A0466AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "FBAC9796-BA52-48AF-9326-3C2343BE2342", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AFA47D5-AC5B-4A1B-83A6-EE5D49ECE489", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740."}, {"lang": "es", "value": "IBM Tealeaf Customer Experience 8.7, 8.8y 9.0.2 contiene credenciales embebidas. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para obtener acceso al sistema. IBM X-Force ID: 123740."}], "id": "CVE-2017-1204", "lastModified": "2018-02-07T12:45:52.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-26T21:29:00.307", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006392"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006455"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}