PT-2018-4277 · Ibm · Ibm Security Identity Manager+1
Published
2018-04-20
·
Updated
2018-05-22
·
CVE-2014-6108
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057
Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001
Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003
Description
The issue might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces.
Recommendations
For IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057, update to version 5.1.0.15-ISS-TIM-IF0057 or later.
For Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001, update to version 6.0.0.4-ISS-SIM-IF0001 or later.
For Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003, update to version 7.0.0.0-ISS-SIM-IF0003 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Identity Manager
Ibm Security Identity Manager