CVE-2017-7434
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
Known Affected Software
2 configuration(s) from 1 vendor(s)
identity_manager
Version:
4.0.2
CPE:
cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*
identity_manager
Version:
4.5
CPE:
cpe:2.3:a:netiq:identity_manager:4.5:*:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
https://bugzilla.suse.com/show_bug.cgi?id=1005907security@opentext.com
-
https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.htmlsecurity@opentext.com
-
https://bugzilla.suse.com/show_bug.cgi?id=1005907af854a3a-2127-422b-91ae-364da2661108
-
https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.htmlaf854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-532
Insertion of Sensitive Information into Log File
- Description
- The product writes sensitive information to a log file.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- March 02, 2018
