CVE-2012-3310

Published: Jan 17, 2013Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

Affected (15)

Products: Ibm: Tivoli Federated Identity Manager

Ibm

1 product

Tivoli Federated Identity Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Federated Identity Manager	Up to 6.1.1.13
Ibm Tivoli Federated Identity Manager	Version 6.1.1.12
Ibm Tivoli Federated Identity Manager	Version 6.1.1

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Federated Identity Manager	Version 6.2.0.10
Ibm Tivoli Federated Identity Manager	Version 6.2.0.11
Ibm Tivoli Federated Identity Manager	Version 6.2.0.1
Ibm Tivoli Federated Identity Manager	Version 6.2.0.2
Ibm Tivoli Federated Identity Manager	Version 6.2.0.3
Ibm Tivoli Federated Identity Manager	Version 6.2.0.8
Ibm Tivoli Federated Identity Manager	Version 6.2.0.9
Ibm Tivoli Federated Identity Manager	Version 6.2.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Federated Identity Manager	Version 6.2.1.1
Ibm Tivoli Federated Identity Manager	Version 6.2.1.2
Ibm Tivoli Federated Identity Manager	Version 6.2.1.3
Ibm Tivoli Federated Identity Manager	Version 6.2.1