CVE-2017-9278

Published: Mar 2, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

Affected (1)

Products: Netiq: Identity Manager

Netiq

1 product

Identity Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netiq Identity Manager	Before 4.0.2.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=1053200

Source: security@opentext.com

https://download.novell.com/Download?buildid=DKFkx_xPeaw~

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1053200

Source: af854a3a-2127-422b-91ae-364da2661108

https://download.novell.com/Download?buildid=DKFkx_xPeaw~

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.