Information Disclosure Vulnerability in IBM Tivoli Application Dependency Discovery Manager
CVE-2018-1675

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Application Dependency Discovery Manager
Vendor: CVE Published:; 4 February 2019

Summary

The IBM Tivoli Application Dependency Discovery Manager versions 7.2.2 and 7.3 are prone to an information disclosure vulnerability that allows attackers to expose password hashes stored in the system memory. This may occur on target systems configured to utilize TADDM, leading to significant security risks if exploited. Organizations using affected versions should assess their configurations and implement necessary remediation measures to safeguard sensitive information.

Affected Version(s)

Tivoli Application Dependency Discovery Manager 7.2.2

Tivoli Application Dependency Discovery Manager 7.3

References

http://www.ibm.com/support/docview.wss?uid=ibm10742403

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/145110

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2019
Vulnerability Reserved
Dec 13, 2017