Information disclosure in Ibm Installation_manager

CVE-2014-6134

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local user…

Vulnerability class: Information Disclosure

EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Installation_manager
Ibm Rational_clearcase — versions 8.0.0, 8.0.0.1, 8.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)