PT-2018-8500 · Netiq · Netiq Identity Manager Oracle Ebs Driver

Publicado

2018-03-02

Atualizado

2019-10-09

CVE-2017-9278

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetIQ Identity Manager Oracle EBS driver versions prior to 4.0.2.0

Description The issue concerns the NetIQ Identity Manager Oracle EBS driver sending EBS logs that contain the driver authentication password. This could potentially disclose the password to attackers who have the ability to read the EBS tables.

Recommendations For versions prior to 4.0.2.0, update to version 4.0.2.0 or later to resolve the issue.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2017-9278

Produtos afetados

Netiq Identity Manager Oracle Ebs Driver

PT-2018-8500 · Netiq · Netiq Identity Manager Oracle Ebs Driver

CVE-2017-9278

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4