{
  "id": "CVE-2014-0646",
  "sourceIdentifier": "security_alert@emc.com",
  "published": "2014-05-01T17:29:56.697",
  "lastModified": "2014-05-02T13:49:06.440",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files."
    },
    {
      "lang": "es",
      "value": "El componente runtime WS en el servidor en EMC RSA Access Manager 6.1.3 anterior a 6.1.3.39, 6.1.4 anterior a 6.1.4.22, 6.2.0 anterior a 6.2.0.11 y 6.2.1 anterior a 6.2.1.03, cuando el registro INFO est\u00e1 habilitado, permite a usuarios locales descubrir contrase\u00f1as en texto plano mediante la lectura de archivos de registro."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:emc:rsa_access_manager:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "85D107C1-EBA6-4DD0-AAAC-2BA1ED6C4625"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:emc:rsa_access_manager:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "245A27D5-4210-4085-B629-A2C7F2F209C1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:emc:rsa_access_manager:6.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "73198FA0-127B-44FC-8908-EE8888CC7A76"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:emc:rsa_access_manager:6.2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "710517F1-6C8C-43D7-94CE-AD934075E766"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html",
      "source": "security_alert@emc.com"
    }
  ]
}