CVE-2014-8923

2015-03-2501:59:11

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

Affected configurations

Nvd

Node

ibmsecurity_identity_manager_active_directory_adapterRange≤6.0.14windows

ibmtivoli_identity_manager_active_directory_adapterRange≤5.1.20windows

VendorProductVersionCPE
ibmsecurity_identity_manager_active_directory_adapter*cpe:2.3:a:ibm:security_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*
ibmtivoli_identity_manager_active_directory_adapter*cpe:2.3:a:ibm:tivoli_identity_manager_active_directory_adapter:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
ibm	security_identity_manager_active_directory_adapter	*	cpe:2.3:a:ibm:security_identity_manager_active_directory_adapter::::::windows::*
ibm	tivoli_identity_manager_active_directory_adapter	*	cpe:2.3:a:ibm:tivoli_identity_manager_active_directory_adapter::::::windows::*