VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2008-7261
filenet_p8_application_engine: The Workplace (aka WP) component in IBM FileNet P8 ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7261

Original

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-09-20
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-21




Affected Product Tags
cpe:/a:ibm:filenet_p8_application_engine:3.5.1
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:001
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:002
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:003
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:004
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:005
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:006
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:007
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:008
cpe:/a:ibm:filenet_p8_application_engine:3.5.1:009
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm




Vulnerability Type Credentials Management (CWE-255)




Copyright © 2010 JPCERT/CC All Rights Reserved.