Information Disclosure Vulnerability in IBM Lotus Connections
CVE-2008-4807

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 31 October 2008

Summary

The vulnerability identified in IBM Lotus Connections 2.x prior to version 2.0.1 involves the insecure storage of administrative user passwords in the trace.log file. This flaw allows local users to potentially access sensitive information by reading the log file, which may result in unauthorized access to administrative functions of the application. It highlights the need for secure management of sensitive information and proper logging practices to prevent exposure. Organizations using affected versions should consider updating to mitigate the risk associated with this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46213

vdb-entryx_refsource_XF

http://secunia.com/advisories/32466

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/31989

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 31, 2008
Vulnerability Reserved
Oct 31, 2008