Sensitive Information Disclosure in IBM Daeja ViewONE Products
CVE-2017-1211

2.5LOW

Key Information:

Vendor
IBM
Status
Daeja Viewone
Vendor
CVE Published:
24 October 2017

Summary

The vulnerability in IBM Daeja ViewONE products allows a local user to access sensitive information due to improperly configured logging mechanisms. If logging is enabled, it could potentially expose critical data that should remain confidential, posing a security risk for organizations relying on these products for document and workflow management. Proper safeguards and configurations are essential to prevent unauthorized access to sensitive data.

Affected Version(s)

Daeja ViewONE 4.1.5.1

Daeja ViewONE 5.0.2

References

http://www.ibm.com/support/docview.wss?uid=swg22008011
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/123851
x_refsource_MISC
http://www.securityfocus.com/bid/101526
vdb-entryx_refsource_BID

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.