IBM Tivoli Federated Identity Manager (TFIM) prior to 6.1.1.14, 6.2.0 prior to 6.2.0.12, and 6.2.1 prior to 6.2.1.4 allows context-dependent malicious users to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli federated identity manager 6.1.1.12 |
||
ibm tivoli federated identity manager |
||
ibm tivoli federated identity manager 6.1.1 |
||
ibm tivoli federated identity manager 6.2.0.9 |
||
ibm tivoli federated identity manager 6.2.0.10 |
||
ibm tivoli federated identity manager 6.2.0 |
||
ibm tivoli federated identity manager 6.2.0.11 |
||
ibm tivoli federated identity manager 6.2.0.3 |
||
ibm tivoli federated identity manager 6.2.0.8 |
||
ibm tivoli federated identity manager 6.2.0.1 |
||
ibm tivoli federated identity manager 6.2.0.2 |
||
ibm tivoli federated identity manager 6.2.1.2 |
||
ibm tivoli federated identity manager 6.2.1.3 |
||
ibm tivoli federated identity manager 6.2.1 |
||
ibm tivoli federated identity manager 6.2.1.1 |