CVE-2006-6607

3 documents3 sources

Severity

2.7LOW

EPSS

0.1%

top 67.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Identity Manager

Timeline

PublishedDec 18

Latest updateMay 1

Description

The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 5.1 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_identity_manager4.6

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6j9-c274-5x52: The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4↗2022-05-01

▶

CVEList

CVE-2006-6607: The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4↗2006-12-18

▶