A fix is available for the IBM SONAS, for the security issue that user information is displayed in system audit log
CVEID:
CVE-2014-3077
DESCRIPTION:
Under some circumstances, user details appear in the system log. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVSS Base Score: 1.7
CVSS Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
IBM SONAS
The product is affected when running a code releases 1.3.0.0 to 1.4.3.3
A fix for these issues is in version 1.4.3.4 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.4 or a later version, so that the fix gets applied.
Workaround(s) :
Avoid use of authentication server which is not protected behind a firewall. This vulnerability can be exploited only by someone who could obtain access to the authentication server.
Mitigation(s) : None