CVE-2009-5084

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 through 6.2.0.2 (excluding 6.2.0.2)

Description The issue allows local users to potentially obtain sensitive information by reading log data when a specific tracing feature is enabled. This could lead to the exposure of passwords.

Recommendations For IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 through 6.2.0.1, update to version 6.2.0.2 to resolve the issue. As a temporary workaround, consider disabling the com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing feature until a patch is available.