CVE-2012-3310

CWE-2553 documents3 sources

Severity

3.5LOW

EPSS

0.3%

top 50.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Federated Identity Manager

Timeline

PublishedJan 17

Latest updateMay 17

Description

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_federated_identity_manager6.1.1.13+14

🔴Vulnerability Details

GHSA

GHSA-x2fr-7m77-g32f: IBM Tivoli Federated Identity Manager (TFIM) before 6↗2022-05-17

▶

CVEList

CVE-2012-3310: IBM Tivoli Federated Identity Manager (TFIM) before 6↗2013-01-17

▶