Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3310

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-3310
Last Modified 18 Jan 2013 12:00:00
Published 17 Jan 2013 05:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-3310

Summary

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

Vulnerable Systems

Application

  • Ibm Tivoli Federated Identity Manager 6.1.1

  • Ibm Tivoli Federated Identity Manager 6.1.1.12

  • Ibm Tivoli Federated Identity Manager 6.1.1.13

  • Ibm Tivoli Federated Identity Manager 6.2.0

  • Ibm Tivoli Federated Identity Manager 6.2.0.1

  • Ibm Tivoli Federated Identity Manager 6.2.0.10

  • Ibm Tivoli Federated Identity Manager 6.2.0.11

  • Ibm Tivoli Federated Identity Manager 6.2.0.2

  • Ibm Tivoli Federated Identity Manager 6.2.0.3

  • Ibm Tivoli Federated Identity Manager 6.2.0.8

  • Ibm Tivoli Federated Identity Manager 6.2.0.9

  • Ibm Tivoli Federated Identity Manager 6.2.1

  • Ibm Tivoli Federated Identity Manager 6.2.1.1

  • Ibm Tivoli Federated Identity Manager 6.2.1.2

  • Ibm Tivoli Federated Identity Manager 6.2.1.3


References

XF - tfim-tracefile-password-disclosure(77695)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21615977

AIXAPAR - IV26824

AIXAPAR - IV26823

AIXAPAR - IV26822


Last Updated: 27 May 2016 11:01:42