CVE-2008-4807 - Vulnerability Details - OpenCVE

IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Connections

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_connections::::::::
	cpe:2.3:a:ibm:lotus_connections:1.0.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32466
http://www-01.ibm.com/support/docview.wss?uid=swg27014008
http://www.securityfocus.com/bid/31989
https://exchange.xforce.ibmcloud.com/vulnerabilities/46213

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-31T17:18:00

Updated: 2024-08-07T10:31:27.171Z

Reserved: 2008-10-31T00:00:00

Link: CVE-2008-4807

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-31T18:09:08.477

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4807

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "lotus-connections-tracelog-info-disclosure(46213)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213"}, {"name": "32466", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32466"}, {"name": "31989", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31989"}, {"tags": ["x_refsource_MISC"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4807", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "lotus-connections-tracelog-info-disclosure(46213)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213"}, {"name": "32466", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32466"}, {"name": "31989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31989"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008", "refsource": "MISC", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:27.171Z"}, "title": "CVE Program Container", "references": [{"name": "lotus-connections-tracelog-info-disclosure(46213)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213"}, {"name": "32466", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32466"}, {"name": "31989", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31989"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4807", "datePublished": "2008-10-31T17:18:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2024-08-07T10:31:27.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_connections:*:*:*:*:*:*:*:*", "matchCriteriaId": "73990A0F-86C8-495C-9356-9CE768F33112", "versionEndIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_connections:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E16C309-8D8D-42F1-8DAA-AD2D47D54113", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Lotus Connections 2.x anterior a v2.0.1 de IBM almacena la contrase\u00f1a para el usuario administrador en el archivo trace.log, lo que permite a usuarios locales obtner informaci\u00f3n sensible leyendo este archivo. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."}], "id": "CVE-2008-4807", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-31T18:09:08.477", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32466"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31989"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46213"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}