Vulnerability Details CVE-2006-6607
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.4%
CVSS Severity
CVSS v2 Score 2.7
References
- http://secunia.com/advisories/23359
- http://securitytracker.com/id?1017380
- http://www-1.ibm.com/support/docview.wss?uid=swg21251069
- http://www.securityfocus.com/bid/21570
- http://www.vupen.com/english/advisories/2006/4989
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30865
- http://secunia.com/advisories/23359
- http://securitytracker.com/id?1017380
- http://www-1.ibm.com/support/docview.wss?uid=swg21251069
- http://www.securityfocus.com/bid/21570
- http://www.vupen.com/english/advisories/2006/4989
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30865
Products affected by CVE-2006-6607
-
cpe:2.3:a:ibm:tivoli_identity_manager:4.6