Information Disclosure Vulnerability in IBM Tivoli Business Service Manager
CVE-2008-0441

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Business Service Manager
Vendor: CVE Published:; 25 January 2008

Summary

The vulnerability in IBM Tivoli Business Service Manager (TBSM) 4.1.1 involves the insecure storage of passwords in cleartext. After authentication and certain reconfiguration actions, the passwords are written to the SM_server.log file. This flaw allows local users to access these logs, potentially exposing sensitive information and leading to unauthorized access.

References

http://www.securityfocus.com/bid/27388

vdb-entryx_refsource_BID

http://www-1.ibm.com/support/docview.wss?uid=swg24017939

x_refsource_CONFIRM

http://www.securitytracker.com/id?1019250

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 25, 2008
Vulnerability Reserved
Jan 24, 2008