1. Home
  2. CVE Database
  3. CVE-2014-3089
MEDIUM · 4.9

CVE-2014-3089

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, include...

Vulnerability Description

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:C/I:N/A:N
Confidentiality
COMPLETE
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmRational Directory Administrator6.0
IbmRational Directory Server5.1.1

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2014-3089?

CVE-2014-3089 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, include...

How severe is CVE-2014-3089?

CVE-2014-3089 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3089?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Directory Administrator, Ibm Rational Directory Server.