Information Disclosure in IBM Tivoli Business Service Manager
CVE-2007-1940

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Business Service Manager
Vendor: CVE Published:; 11 April 2007

What is CVE-2007-1940?

A vulnerability exists in IBM Tivoli Business Service Manager (TBSM) 4.1 prior to Interim Fix 1, which exposes sensitive information by logging passwords in plaintext. This allows local users to potentially gain access to confidential data by reading the 'ncisetup.db' or 'msi.log' files, thus increasing the risk of unauthorized access and data compromise.

References

http://osvdb.org/34770

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/23298

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/1248

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2007
Vulnerability Reserved
Apr 10, 2007