PT-2015-4127 · Ibm · Ibm Security Identity Manager Active Directory Adapter+1

Published

2015-03-25

Updated

2016-08-31

CVE-2014-8923

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Tivoli Identity Manager Active Directory adapter versions prior to 5.1.24 IBM Security Identity Manager Active Directory adapter versions prior to 6.0.14

Description The issue allows local users to obtain sensitive information by reading a log file when certain log and trace levels are configured. This is because the cleartext administrator password is stored in a log file.

Recommendations For IBM Tivoli Identity Manager Active Directory adapter versions prior to 5.1.24, update to version 5.1.24 or later. For IBM Security Identity Manager Active Directory adapter versions prior to 6.0.14, update to version 6.0.14 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-8923

Affected Products

Ibm Security Identity Manager Active Directory Adapter

Ibm Tivoli Identity Manager Active Directory Adapter

PT-2015-4127 · Ibm · Ibm Security Identity Manager Active Directory Adapter+1

CVE-2014-8923

Weakness Enumeration

Related Identifiers

Affected Products

References · 2