CVE-2014-8923

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21699902	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_identity_manager_active_directory_adapter::::::windows::*
	cpe:2.3:a:ibm:tivoli_identity_manager_active_directory_adapter::::::windows::*

History

No history.

Information

Published : 2015-03-25 01:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-8923

Mitre link : CVE-2014-8923

CVE.ORG link : CVE-2014-8923

JSON object : View

Products Affected

ibm

tivoli_identity_manager_active_directory_adapter
security_identity_manager_active_directory_adapter

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-8923", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-25T01:59:11.220", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file."}, {"lang": "es", "value": "El adaptador (1) IBM Tivoli Identity Manager Active Directory en versiones anteriores a 5.1.24 y el adaptador (2) IBM Security Identity Manager Active Directory en versiones anteriores a 6.0.14 para IBM Security Identity Manager en Windows, cuando ciertos niveles de registro y rastreo son configurados, almacena la contrase\u00f1a de administrador en un archivo de registro, lo que permite a usuarios locales obtener informaci\u00f3n sensible leyendo un archivo."}], "lastModified": "2016-08-31T15:17:48.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "19ABC5D5-89DF-434A-B707-DEA35D7E6417", "versionEndIncluding": "6.0.14"}, {"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "23B968D5-C1BE-4BFC-9B4B-3472D241FCC4", "versionEndIncluding": "5.1.20"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}