PT-2012-2833 · Ibm · Ibm Tivoli Event Pump

Published

2012-04-09

Updated

2017-08-29

CVE-2012-0742

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Tivoli Event Pump version 4.2.2

Description The issue allows local users to obtain sensitive information by reading the AOPSCLOG (aka AOPLOG) data set. This occurs when the LOG REQUESTS and VALIDATE SOAP USERS options are enabled, causing credentials to be placed into the AOPSCLOG data set.

Recommendations For IBM Tivoli Event Pump version 4.2.2, consider disabling the LOG REQUESTS and VALIDATE SOAP USERS options as a temporary workaround to prevent credentials from being logged to the AOPSCLOG data set. Restrict access to the AOPSCLOG data set to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-0742

Affected Products

Ibm Tivoli Event Pump

PT-2012-2833 · Ibm · Ibm Tivoli Event Pump

CVE-2012-0742

Weakness Enumeration

Related Identifiers

Affected Products

References · 3