Details of VAR-201105-0265

ID

VAR-201105-0265

CVE

CVE-2011-2143

TITLE

IBM Datacap Taskmaster Capture Vulnerable to login access

Trust: 0.8

sources: JVNDB: JVNDB-2011-004632

DESCRIPTION

IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. IBM Datacap Taskmaster Capture automates the document data entry process, reducing costs and improving document processing efficiency. Attackers can exploit this issue to gain unauthorized access to the affected application. Versions prior to Datacap Taskmaster Capture 8.0.1 Fix Pack 1 are vulnerable

Trust: 2.61

sources: NVD: CVE-2011-2143 // JVNDB: JVNDB-2011-004632 // CNVD: CNVD-2011-1922 // BID: 47909 // IVD: f586c798-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f586c798-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1922

AFFECTED PRODUCTS

vendor:	ibm	model:	datacap taskmaster capture	scope:	eq	version:	8.0.1	Trust: 2.5
vendor:	ibm	model:	datacap taskmaster capture	scope:	lt	version:	8.0.1	Trust: 0.8
vendor:	ibm	model:	datacap taskmaster capture	scope:	eq	version:	fp1	Trust: 0.8
vendor:	ibm	model:	datacap taskmaster capture fix pack	scope:	ne	version:	8.0.11	Trust: 0.3
vendor:	datacap taskmaster capture	model:	-	scope:	eq	version:	8.0.1	Trust: 0.2

sources: IVD: f586c798-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1922 // BID: 47909 // JVNDB: JVNDB-2011-004632 // CNNVD: CNNVD-201105-194 // NVD: CVE-2011-2143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2143
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-2143
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201105-194
value:	MEDIUM
Trust: 0.6
IVD:	f586c798-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2011-2143
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	f586c798-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: f586c798-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-004632 // CNNVD: CNNVD-201105-194 // NVD: CVE-2011-2143

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2011-004632 // NVD: CVE-2011-2143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-194

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201105-194

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004632

PATCH

title:	7021511	url:	http://www.ibm.com/support/docview.wss?uid=swg27021511	Trust: 0.8
title:	IBM Datacap Taskmaster Capture verifies patches that bypass the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3896	Trust: 0.6

sources: CNVD: CNVD-2011-1922 // JVNDB: JVNDB-2011-004632

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2143	Trust: 3.5
db:	BID	id:	47909	Trust: 1.3
db:	CNVD	id:	CNVD-2011-1922	Trust: 0.8
db:	CNNVD	id:	CNNVD-201105-194	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-004632	Trust: 0.8
db:	IVD	id:	F586C798-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: f586c798-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1922 // BID: 47909 // JVNDB: JVNDB-2011-004632 // CNNVD: CNNVD-201105-194 // NVD: CVE-2011-2143

REFERENCES

url:	http://www.ibm.com/support/docview.wss?uid=swg27021511	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/67505	Trust: 1.0
url:	http://www.securityfocus.com/bid/47909	Trust: 1.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg27021511	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2143	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2143	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3

sources: CNVD: CNVD-2011-1922 // BID: 47909 // JVNDB: JVNDB-2011-004632 // CNNVD: CNNVD-201105-194 // NVD: CVE-2011-2143

CREDITS

IBM

Trust: 0.3

sources: BID: 47909

SOURCES

db:	IVD	id:	f586c798-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1922
db:	BID	id:	47909
db:	JVNDB	id:	JVNDB-2011-004632
db:	CNNVD	id:	CNNVD-201105-194
db:	NVD	id:	CVE-2011-2143

LAST UPDATE DATE

2025-04-11T23:08:58.055000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1922	date:	2011-05-19T00:00:00
db:	BID	id:	47909	date:	2011-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2011-004632	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201105-194	date:	2011-05-18T00:00:00
db:	NVD	id:	CVE-2011-2143	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	f586c798-2354-11e6-abef-000c29c66e3d	date:	2011-05-19T00:00:00
db:	CNVD	id:	CNVD-2011-1922	date:	2011-05-19T00:00:00
db:	BID	id:	47909	date:	2011-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2011-004632	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201105-194	date:	2011-05-17T00:00:00
db:	NVD	id:	CVE-2011-2143	date:	2011-05-16T18:55:01.510