Sensitive Information Exposure in IBM Tivoli Event Pump 4.2.2

Sensitive Information Exposure in IBM Tivoli Event Pump 4.2.2

CVE-2012-0742 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data.

Learn more about our User Device Pen Test.