Vulnerabilities > CVE-2014-6111 - Credentials Management vulnerability in IBM Security Identity Manager and Tivoli Identity Manager

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-255

NVD

Published: 2018-04-20

Updated: 2018-05-22

Summary

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Identity Manager 6.0 IBM Security Identity Manager 7.0 IBM Tivoli Identity Manager 5.1	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www-01.ibm.com/support/docview.wss?uid=swg21698020
https://exchange.xforce.ibmcloud.com/vulnerabilities/96180