Main Vulnerability Database Vulnerabilities #VU37481

Use of hard-coded credentials in Rational Publishing Engine - CVE-2017-1787

Published: March 2, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37481

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-1787

CWE-ID: CWE-798

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Rational Publishing Engine

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.

How to mitigate CVE-2017-1787

Install update from vendor's website.

Sources

http://www.ibm.com/support/docview.wss?uid=swg22013961
http://www.securityfocus.com/bid/103252
https://exchange.xforce.ibmcloud.com/vulnerabilities/137022

Use of hard-coded credentials in Rational Publishing Engine - CVE-2017-1787

Detailed vulnerability description

How to mitigate CVE-2017-1787

Sources

Please verify you're human