Vulnerabilities > CVE-2006-6607 - Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6

CVSS 2.7 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

ibm

NVD

Published: 2006-12-18

Updated: 2017-07-29

Summary

The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Identity Manager 4.6	1

References

http://secunia.com/advisories/23359
http://securitytracker.com/id?1017380
http://www.securityfocus.com/bid/21570
http://www.vupen.com/english/advisories/2006/4989
http://www-1.ibm.com/support/docview.wss?uid=swg21251069
https://exchange.xforce.ibmcloud.com/vulnerabilities/30865