PT-2018-8500 · Netiq · Netiq Identity Manager Oracle Ebs Driver

Published

2018-03-02

Updated

2019-10-09

CVE-2017-9278

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NetIQ Identity Manager Oracle EBS driver versions prior to 4.0.2.0

Description The issue concerns the NetIQ Identity Manager Oracle EBS driver sending EBS logs that contain the driver authentication password. This could potentially disclose the password to attackers who have the ability to read the EBS tables.

Recommendations For versions prior to 4.0.2.0, update to version 4.0.2.0 or later to resolve the issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2017-9278

Affected Products

Netiq Identity Manager Oracle Ebs Driver

PT-2018-8500 · Netiq · Netiq Identity Manager Oracle Ebs Driver

CVE-2017-9278

Weakness Enumeration

Related Identifiers

Affected Products

References · 4