IBMC5A7E03D13DC0D2595592F68E6788B7D7A92E07E7B5972C3D526DF58DCEED136Security Bulletin: User information can appear in the system audit log on the IBM SONAS (CVE-2014-3077)
EPSS
Percentile
5.1%
Summary
A fix is available for the IBM SONAS, for the security issue that user information is displayed in system audit log
Vulnerability Details
CVEID:
CVE-2014-3077
DESCRIPTION:
Under some circumstances, user details appear in the system log. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVSS Base Score: 1.7
CVSS Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Affected Products and Versions
IBM SONAS
The product is affected when running a code releases 1.3.0.0 to 1.4.3.3
Remediation/Fixes
A fix for these issues is in version 1.4.3.4 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.4 or a later version, so that the fix gets applied.
Workarounds and Mitigations
Workaround(s) :
Avoid use of authentication server which is not protected behind a firewall. This vulnerability can be exploited only by someone who could obtain access to the authentication server.
Mitigation(s) : None
Related
