exploitDog

CVE-2014-8923

Опубликовано: 25 мар. 2015

Источник: nvd

CVSS2: 1.9

EPSS Низкий

Описание

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21699902
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21699902
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*

Версия до 6.0.14 (включая)

cpe:2.3:a:ibm:tivoli_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*

Версия до 5.1.20 (включая)

EPSS

Процентиль: 31%

0.00118

Низкий

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-rjcf-r46h-wpm6

github

больше 3 лет назад

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

EPSS

Процентиль: 31%

0.00118

Низкий

1.9 Low

CVSS2

Дефекты

CWE-200