Vulnerability-Lookup

CNVD-2015-01982

Vulnerability from cnvd - Published: 2015-03-26

Title

IBM Security Identity Manager信息泄露漏洞（CNVD-2015-01982）

Description

IBM Security Identity Manager是IBM Security Systems产品組合的一員，能帮助组织跨整个企业推动有效的身分管理与控管,减少身分诈骗风险并提升法规遵循。 IBM Security Identity Manager存在信息泄露漏洞，当配置一定的日志和跟踪级别时，在日志文件中存储明文管理员密码，允许本地用户通过读取文件获得敏感信息。

Severity

低

Patch Name

IBM Security Identity Manager信息泄露漏洞（CNVD-2015-01982）的补丁

Patch Description

IBM Security Identity Manager是IBM Security Systems产品組合的一員，能帮助组织跨整个企业推动有效的身分管理与控管,减少身分诈骗风险并提升法规遵循。IBM Security Identity Manager存在信息泄露漏洞，当配置一定的日志和跟踪级别时，在日志文件中存储明文管理员密码，允许本地用户通过读取文件获得敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.ibm.com/us/en/

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21699902 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8923

Impacted products

Name
IBM Security Identity Manager <6.0.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8923"
    }
  },
  "description": "IBM Security Identity Manager\u662fIBM Security Systems\u4ea7\u54c1\u7d44\u5408\u7684\u4e00\u54e1\uff0c\u80fd\u5e2e\u52a9\u7ec4\u7ec7\u8de8\u6574\u4e2a\u4f01\u4e1a\u63a8\u52a8\u6709\u6548\u7684\u8eab\u5206\u7ba1\u7406\u4e0e\u63a7\u7ba1,\u51cf\u5c11\u8eab\u5206\u8bc8\u9a97\u98ce\u9669\u5e76\u63d0\u5347\u6cd5\u89c4\u9075\u5faa\u3002 \r\n\r\nIBM Security Identity Manager\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u914d\u7f6e\u4e00\u5b9a\u7684\u65e5\u5fd7\u548c\u8ddf\u8e2a\u7ea7\u522b\u65f6\uff0c\u5728\u65e5\u5fd7\u6587\u4ef6\u4e2d\u5b58\u50a8\u660e\u6587\u7ba1\u7406\u5458\u5bc6\u7801\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u8bfb\u53d6\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.ibm.com/us/en/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01982",
  "openTime": "2015-03-26",
  "patchDescription": "IBM Security Identity Manager\u662fIBM Security Systems\u4ea7\u54c1\u7d44\u5408\u7684\u4e00\u54e1\uff0c\u80fd\u5e2e\u52a9\u7ec4\u7ec7\u8de8\u6574\u4e2a\u4f01\u4e1a\u63a8\u52a8\u6709\u6548\u7684\u8eab\u5206\u7ba1\u7406\u4e0e\u63a7\u7ba1,\u51cf\u5c11\u8eab\u5206\u8bc8\u9a97\u98ce\u9669\u5e76\u63d0\u5347\u6cd5\u89c4\u9075\u5faa\u3002IBM Security Identity Manager\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u914d\u7f6e\u4e00\u5b9a\u7684\u65e5\u5fd7\u548c\u8ddf\u8e2a\u7ea7\u522b\u65f6\uff0c\u5728\u65e5\u5fd7\u6587\u4ef6\u4e2d\u5b58\u50a8\u660e\u6587\u7ba1\u7406\u5458\u5bc6\u7801\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u8bfb\u53d6\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Identity Manager\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-01982\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Security Identity Manager \u003c6.0.14"
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8923",
  "serverity": "\u4f4e",
  "submitTime": "2015-03-25",
  "title": "IBM Security Identity Manager\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-01982\uff09"
}

CVE-2014-8923 (GCVE-0-2014-8923)

Vulnerability from cvelistv5 – Published: 2015-03-25 01:00 – Updated: 2024-08-06 13:33

Summary

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=swg…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:12.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-25T03:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-8923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699902"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-8923",
    "datePublished": "2015-03-25T01:00:00",
    "dateReserved": "2014-11-14T00:00:00",
    "dateUpdated": "2024-08-06T13:33:12.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01982

CVE-2014-8923 (GCVE-0-2014-8923)

Tags

Sightings

Nomenclature