CVE-2009-5084 — IBM Tivoli Federated Identity Manager vulnerability

CWE-3103 documents3 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 84.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Federated Identity Manager

Timeline

PublishedAug 12

Latest updateMay 2

Description

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_federated_identity_manager6.2.0, 6.2.0.1+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-hx9g-2pr4-49jx: IBM Tivoli Federated Identity Manager (TFIM) 6↗2022-05-02

▶

CVEList

CVE-2009-5084: IBM Tivoli Federated Identity Manager (TFIM) 6↗2011-08-12

▶