CVE-2014-6111

HIGH Year: 2014
CVSS v3 Score
7.8
High
CVSS v2 Score
2.1
Low
Weakness Type
CWE-255
View all →

Vulnerability Description

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180.

Related Vulnerabilities

CVE-2013-2951

HIGH
CVSS:7.8(High)

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information...

CWE-2552013

CVE-2014-1835

HIGH
CVSS:7.8(High)

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

CWE-2552014

CVE-2014-5002

HIGH
CVSS:7.8(High)

The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.

CWE-2552014

CVE-2014-8335

HIGH
CVSS:7.8(High)

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users ...

CWE-2552014

CVE-2015-4681

HIGH
CVSS:7.8(High)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

CWE-2552015

CVE-2016-2203

HIGH
CVSS:7.8(High)

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

CWE-2552016