Lucene search

[email protected]CVE-2009-5084

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-5084

2022-10-0316:24:01

CWE-310

[email protected]

web.nvd.nist.gov

ibm

tfim

6.2.0

security

vulnerability

local users

sensitive information

5.7 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.

Affected configurations

NVD

Node

ibmtivoli_federated_identity_managerMatch6.2.0

ibmtivoli_federated_identity_managerMatch6.2.0.1

CPENameOperatorVersion
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.1

CPE	Name	Operator	Version
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IZ44560

www.ibm.com/support/docview.wss?uid=swg24029497

5.7 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2009-5084

cvelist1 prion1 nvd1