CVE-2006-6607

Low CVSS 2.7

Overview

The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.

CWE: N/A Published: 2006-12-18T02:28:00.000

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.7 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags