CVE-2012-3310

low

Published 2013-01-17 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21615977

Application impact

Vendor	Product	Versions
ibm	tivoli_federated_identity_manager	`{"endIncluding":"6.1.1.13"}`
ibm	tivoli_federated_identity_manager	`6.1.1`
ibm	tivoli_federated_identity_manager	`6.1.1.12`
ibm	tivoli_federated_identity_manager	`6.2.0`
ibm	tivoli_federated_identity_manager	`6.2.0.1`
ibm	tivoli_federated_identity_manager	`6.2.0.2`
ibm	tivoli_federated_identity_manager	`6.2.0.3`
ibm	tivoli_federated_identity_manager	`6.2.0.8`
ibm	tivoli_federated_identity_manager	`6.2.0.9`
ibm	tivoli_federated_identity_manager	`6.2.0.10`
ibm	tivoli_federated_identity_manager	`6.2.0.11`
ibm	tivoli_federated_identity_manager	`6.2.1`
ibm	tivoli_federated_identity_manager	`6.2.1.1`
ibm	tivoli_federated_identity_manager	`6.2.1.2`
ibm	tivoli_federated_identity_manager	`6.2.1.3`

References

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.