Details of VAR-201501-0185

ID

VAR-201501-0185

CVE

CVE-2014-6584

TITLE

Oracle Sun Systems Products Suite of Integrated Lights Out Manager (ILOM) In Backup Restore Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001203

DESCRIPTION

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup Restore' sub component is affected. This vulnerability affects the following supported versions: ILOM prior to 3.2.4. It can manage and monitor components installed in the server, and remotely manage the server. Remote attackers can use this vulnerability to read data, affecting data confidentiality

Trust: 2.07

sources: NVD: CVE-2014-6584 // JVNDB: JVNDB-2015-001203 // BID: 72177 // VULHUB: VHN-74528 // VULMON: CVE-2014-6584

AFFECTED PRODUCTS

vendor:	oracle	model:	integrated lights out manager	scope:	lte	version:	3.2.3	Trust: 1.0
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2.3	Trust: 0.9
vendor:	oracle	model:	integrated lights out manager	scope:	lt	version:	3.2.4	Trust: 0.8
vendor:	avaya	model:	cms r17 r3	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	cms r17	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	cms r16 r6	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	cms r16	scope:	-	version:	-	Trust: 0.3

sources: BID: 72177 // JVNDB: JVNDB-2015-001203 // CNNVD: CNNVD-201501-459 // NVD: CVE-2014-6584

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6584
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-6584
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-459
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-74528
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-6584
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-6584
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-74528
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-74528 // VULMON: CVE-2014-6584 // JVNDB: JVNDB-2015-001203 // CNNVD: CNNVD-201501-459 // NVD: CVE-2014-6584

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-6584

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-459

TYPE

Unknown

Trust: 0.3

sources: BID: 72177

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001203

PATCH

title:	Oracle Critical Patch Update Advisory - January 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html	Trust: 0.8
title:	January 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update	Trust: 0.8
title:	Oracle: Oracle Critical Patch Update Advisory - January 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4a692d6d60aa31507cb101702b494c51	Trust: 0.1

sources: VULMON: CVE-2014-6584 // JVNDB: JVNDB-2015-001203

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6584	Trust: 2.9
db:	SECTRACK	id:	1031594	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-001203	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-459	Trust: 0.7
db:	BID	id:	72177	Trust: 0.5
db:	VULHUB	id:	VHN-74528	Trust: 0.1
db:	VULMON	id:	CVE-2014-6584	Trust: 0.1

sources: VULHUB: VHN-74528 // VULMON: CVE-2014-6584 // BID: 72177 // JVNDB: JVNDB-2015-001203 // CNNVD: CNNVD-201501-459 // NVD: CVE-2014-6584

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 2.2
url:	http://www.securitytracker.com/id/1031594	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6584	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6584	Trust: 0.8
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/101007405	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/72177	Trust: 0.1

sources: VULHUB: VHN-74528 // VULMON: CVE-2014-6584 // BID: 72177 // JVNDB: JVNDB-2015-001203 // CNNVD: CNNVD-201501-459 // NVD: CVE-2014-6584

CREDITS

Oracle

Trust: 0.3

sources: BID: 72177

SOURCES

db:	VULHUB	id:	VHN-74528
db:	VULMON	id:	CVE-2014-6584
db:	BID	id:	72177
db:	JVNDB	id:	JVNDB-2015-001203
db:	CNNVD	id:	CNNVD-201501-459
db:	NVD	id:	CVE-2014-6584

LAST UPDATE DATE

2024-11-23T19:26:58.449000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-74528	date:	2016-06-23T00:00:00
db:	VULMON	id:	CVE-2014-6584	date:	2016-06-23T00:00:00
db:	BID	id:	72177	date:	2015-05-07T17:28:00
db:	JVNDB	id:	JVNDB-2015-001203	date:	2015-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201501-459	date:	2015-01-23T00:00:00
db:	NVD	id:	CVE-2014-6584	date:	2024-11-21T02:14:42.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-74528	date:	2015-01-21T00:00:00
db:	VULMON	id:	CVE-2014-6584	date:	2015-01-21T00:00:00
db:	BID	id:	72177	date:	2015-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-001203	date:	2015-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201501-459	date:	2015-01-23T00:00:00
db:	NVD	id:	CVE-2014-6584	date:	2015-01-21T15:28:22.070