PT-2006-7209 · Ibm+1 · Ibm Websphere Application Server+2

Published

2006-12-18

Updated

2017-07-29

CVE-2006-6607

CVSS v2.0

2.7

Low

Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) version 4.6

Description The issue allows local users to obtain the Java Key Store (JKS) password by listing the process or using other methods, as the password is placed in a -Djavax.net.ssl.trustStorePassword command line argument.

Recommendations For WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) version 4.6, consider removing the JKS password from the command line argument to prevent local users from obtaining it. As a temporary workaround, restrict access to the process listing and command line arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6607

Affected Products

Ibm Tivoli Identity Manager

Java Key Store

Ibm Websphere Application Server

PT-2006-7209 · Ibm+1 · Ibm Websphere Application Server+2

CVE-2006-6607

Related Identifiers

Affected Products

References · 7