Vulnerability Description
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Identity Manager Active Directory Adapter | <= 6.0.14 |
| Ibm | Tivoli Identity Manager Active Directory Adapter | <= 5.1.20 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21699902PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21699902PatchVendor Advisory
FAQ
What is CVE-2014-8923?
CVE-2014-8923 is a vulnerability with a CVSS score of 1.9 (LOW). The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, wh...
How severe is CVE-2014-8923?
CVE-2014-8923 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8923?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager Active Directory Adapter, Ibm Tivoli Identity Manager Active Directory Adapter.