Cleartext Credential Storage Vulnerability in IBM Tivoli Identity Manager
CVE-2014-6111

7.8HIGH

Key Information:

Vendor: IBM
Status: Security Identity Manager; Tivoli Identity Manager
Vendor: CVE Published:; 20 April 2018

Summary

IBM Tivoli Identity Manager and Security Identity Manager versions prior to specified updates store sensitive user credentials and the keystore password in plain text within configuration files. This design flaw enables local users to potentially exploit this weakness to gain unauthorized access to encrypted SIM credentials through unspecified methods. Organizations using affected versions should implement immediate remediation to secure sensitive data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21698020

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/96180

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2018
Vulnerability Reserved
Sep 2, 2014