Sensitive information disclosure in IBM Security Identity Manager Virtual Appliance - CVE-2016-0338
Published: July 11, 2016
Vulnerability identifier: #VU116
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-0338
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Identity Manager Virtual Appliance
Detailed vulnerability description
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists in IBM Security Identity Manager Virtual Appliance. A local user can obtain sensitive information including passwords in cleartext by examining configuration files and running processes.
Successful exploitation of this vulnerability may result in disclosure of authentication information.
How to mitigate CVE-2016-0338
IBM has issued a fix (7.0.1-ISS-SIM-FP0003).