IBM Security Bulletin: IBM Security Access Manager uses configuration files with obfuscated passwords that can be accessed by authenticated users (CVE-2015-5013)

The IBM Security Access Manager appliance stores obfuscated passwords in plain-text configuration files that can be accessed by authenticated users.

CVE(s): CVE-2015-5013

Affected product(s) and affected version(s):

IBM Security Access Manager for Web 8.0 appliances, all firmware versions.

IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.

IBM Security Access Manager 9.0 appliances, all firmware versions.

Refer to the following URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2k9Wd4n
X-Force Database: http://ift.tt/2k3D7L3



From: IBM Product Security Incident Response Team http://ift.tt/2k9Mtat