CVE-2012-0742

Name of the Vulnerable Software and Affected Versions IBM Tivoli Event Pump version 4.2.2

Description The issue allows local users to obtain sensitive information by reading the AOPSCLOG (aka AOPLOG) data set. This occurs when the LOG REQUESTS and VALIDATE SOAP USERS options are enabled, causing credentials to be placed into the AOPSCLOG data set.

Recommendations For IBM Tivoli Event Pump version 4.2.2, consider disabling the LOG REQUESTS and VALIDATE SOAP USERS options as a temporary workaround to prevent credentials from being logged to the AOPSCLOG data set. Restrict access to the AOPSCLOG data set to minimize the risk of exploitation.