Vulnerabilities > CVE-2006-6607 - Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE low complexity
ibm
Summary
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |