CVE-2014-4835

low

Published 2015-01-17 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777

Application impact

Vendor	Product	Versions
ibm	serverguide	`{"endIncluding":"9.60"}`
ibm	toolscenter_suite	`{"endIncluding":"9.60"}`
ibm	updatexpress_system_packs_installer	`{"endIncluding":"9.60"}`

References

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777
https://exchange.xforce.ibmcloud.com/vulnerabilities/95629
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777
https://exchange.xforce.ibmcloud.com/vulnerabilities/95629

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.