CVE Vulnerabilities

CVE-2017-9278

Insertion of Sensitive Information into Log File

Published: Mar 02, 2018 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Identity_manager Netiq * 4.0.2.0 (excluding)

Potential Mitigations

References