CVE-2014-8923

IBM Tivoli/Security Identity Manager <5.1.24/<6.0.14 - Info Disclosure

Title source: llm
STIX 2.1

Description

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21699902

Scores

EPSS 0.0039
EPSS Percentile 30.5%

Details

CWE
CWE-200
Status published
Products (2)
ibm/security_identity_manager_active_directory_adapter < 6.0.14
ibm/tivoli_identity_manager_active_directory_adapter < 5.1.20
Published Mar 25, 2015
Tracked Since Feb 18, 2026