PT-2018-4279 · Ibm · Ibm Security Identity Manager+1
Published
2018-04-20
·
Updated
2018-05-22
·
CVE-2014-6111
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057
Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001
Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003
Description
The issue allows local users to access encrypted user credentials and the keystore password stored in cleartext in configuration files, which can be used to decrypt Security Identity Manager credentials.
Recommendations
For IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057, update to version 5.1.0.15-ISS-TIM-IF0057 or later.
For Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001, update to version 6.0.0.4-ISS-SIM-IF0001 or later.
For Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003, update to version 7.0.0.0-ISS-SIM-IF0003 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Identity Manager
Ibm Security Identity Manager