CVE-2014-8923
IBM Tivoli/Security Identity Manager <5.1.24/<6.0.14 - Info Disclosure
Title source: llmDescription
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21699902
Scores
EPSS
0.0039
EPSS Percentile
30.5%
Details
CWE
CWE-200
Status
published
Products (2)
ibm/security_identity_manager_active_directory_adapter
< 6.0.14
ibm/tivoli_identity_manager_active_directory_adapter
< 5.1.20
Published
Mar 25, 2015
Tracked Since
Feb 18, 2026