CVE-2012-4832

IBM InfoSphere Information Server <8.5 FP3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21623501
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78906

Scores

EPSS 0.0048
EPSS Percentile 38.0%

Details

CWE
CWE-200
Status published
Products (7)
ibm/infosphere_business_glossary 8.1.1
ibm/infosphere_business_glossary 8.1.2
ibm/infosphere_information_server 8.1
ibm/infosphere_information_server 8.5
ibm/infosphere_information_server 8.5.0.1
ibm/infosphere_information_server 8.5.0.2
ibm/infosphere_information_server 8.7
Published Jan 31, 2013
Tracked Since Feb 18, 2026