Information Disclosure Vulnerability in IBM Rational Focal Point Software
CVE-2014-0842

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Focal Point
Vendor: CVE Published:; 26 February 2014

Summary

The account-creation feature in IBM Rational Focal Point versions 6.4.x, 6.5.x prior to 6.5.2.3, and 6.6.x before 6.6.1 contains a flaw that permits a remote attacker to read the default password in the HTML source code of the user creation page. This exposure of sensitive information could facilitate unauthorized access to accounts, posing a significant security risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21665005

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/90706

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 26, 2014
Vulnerability Reserved
Jan 6, 2014