SymmetricalDataSecurity: IBM Security Bulletin: IBM Security Access Manager uses configuration files with obfuscated passwords that can be accessed by authenticated users (CVE-2015-5013)

Friday, February 3, 2017

IBM Security Bulletin: IBM Security Access Manager uses configuration files with obfuscated passwords that can be accessed by authenticated users (CVE-2015-5013)

The IBM Security Access Manager appliance stores obfuscated passwords in plain-text configuration files that can be accessed by authenticated users.

CVE(s): CVE-2015-5013

Affected product(s) and affected version(s):

IBM Security Access Manager for Web 8.0 appliances, all firmware versions.

IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.

IBM Security Access Manager 9.0 appliances, all firmware versions.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2k9Wd4n
X-Force Database: http://ift.tt/2k3D7L3

from IBM Product Security Incident Response Team http://ift.tt/2k9Mtat

SymmetricalDataSecurity

Friday, February 3, 2017

IBM Security Bulletin: IBM Security Access Manager uses configuration files with obfuscated passwords that can be accessed by authenticated users (CVE-2015-5013)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews