Local User Credential Exposure in IBM Publishing Engine
CVE-2017-1787

4.4MEDIUM

Key Information:

Vendor
IBM
Status
Rational Publishing Engine
Vendor
CVE Published:
2 March 2018

Summary

The IBM Publishing Engine versions 2.1.2 and 6.0.5 possess a vulnerability that allows a local user with administrative privileges to expose hard-coded user credentials. This flaw could enable unauthorized access to sensitive information, highlighting the importance of ensuring secure handling of user credentials in administration tools. Implementing security practices such as regular updates and user privilege audits is recommended to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Rational Publishing Engine 2.1.2

Rational Publishing Engine 6.0.5

References

http://www.ibm.com/support/docview.wss?uid=swg22013961
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/137022
x_refsource_MISC
http://www.securityfocus.com/bid/103252
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.