Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Identity Manager Oracle EBS driver by NetIQ
CVE-2017-9278 (GCVE-0-2017-9278)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:05
VLAI
EPSS
VEX
Title
Avoid password disclosure via EBS event logging in the iManager Oracle driver
Summary
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
Severity
CWE
- password disclosure via logging
- CWE-532
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://download.novell.com/Download?buildid=DKFk… | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1053200 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager Oracle EBS driver |
Affected:
unspecified , < 4.0.2.0
(custom)
|
Date Public
2017-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager Oracle EBS driver",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.0.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password disclosure via logging",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
},
"title": "Avoid password disclosure via EBS event logging in the iManager Oracle driver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-09-01T00:00:00.000Z",
"ID": "CVE-2017-9278",
"STATE": "PUBLIC",
"TITLE": "Avoid password disclosure via EBS event logging in the iManager Oracle driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager Oracle EBS driver",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.0.2.0"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password disclosure via logging"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~",
"refsource": "CONFIRM",
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1053200",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
]
},
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9278",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:43.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9278 (GCVE-0-2017-9278)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:05
VLAI
EPSS
VEX
Title
Avoid password disclosure via EBS event logging in the iManager Oracle driver
Summary
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
Severity
CWE
- password disclosure via logging
- CWE-532
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://download.novell.com/Download?buildid=DKFk… | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1053200 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager Oracle EBS driver |
Affected:
unspecified , < 4.0.2.0
(custom)
|
Date Public
2017-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager Oracle EBS driver",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.0.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password disclosure via logging",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
],
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
},
"title": "Avoid password disclosure via EBS event logging in the iManager Oracle driver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-09-01T00:00:00.000Z",
"ID": "CVE-2017-9278",
"STATE": "PUBLIC",
"TITLE": "Avoid password disclosure via EBS event logging in the iManager Oracle driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager Oracle EBS driver",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.0.2.0"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password disclosure via logging"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~",
"refsource": "CONFIRM",
"url": "https://download.novell.com/Download?buildid=DKFkx_xPeaw~"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1053200",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1053200"
}
]
},
"source": {
"defect": [
"1053200"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9278",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:43.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}