Description
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://download.novell.com/Download?buildid=DKFkx_xPeaw~
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1053200
Scores
CVSS v3
3.3
EPSS
0.0015
EPSS Percentile
34.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
netiq/identity_manager
< 4.0.2.0
Published
Mar 02, 2018
Tracked Since
Feb 18, 2026