CVE-2018-1675 : What You Need to Know

IBM Tivoli Application Dependency Discovery Manager versions 7.2.2 and 7.3 are affected by a vulnerability that could expose password hashes in system memory. This CVE was published on November 28, 2018.

Understanding CVE-2018-1675

This CVE impacts IBM Tivoli Application Dependency Discovery Manager versions 7.2.2 and 7.3, potentially exposing sensitive information.

What is CVE-2018-1675?

The presence of password hashes in system memory on target systems using TADDM could be exposed by IBM Tivoli Application Dependency Discovery Manager versions 7.2.2 and 7.3. This vulnerability is identified as IBM X-Force ID 145110.

The Impact of CVE-2018-1675

CVSS Base Score: 6.8 (Medium Severity)
Confidentiality Impact: High
Attack Complexity: High
Exploit Code Maturity: Unproven
Vector String: CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:C/UI:N/E:U/RC:C/RL:O

Technical Details of CVE-2018-1675

IBM Tivoli Application Dependency Discovery Manager versions 7.2.2 and 7.3 are affected by a vulnerability that could expose password hashes in system memory.

Vulnerability Description

The vulnerability allows for the exposure of password hashes in system memory on target systems using TADDM.

Affected Systems and Versions

Affected Versions: 7.2.2, 7.3
Product: Tivoli Application Dependency Discovery Manager

Exploitation Mechanism

The vulnerability could be exploited by attackers to access password hashes stored in system memory.

Mitigation and Prevention

To address CVE-2018-1675, follow these steps:

Immediate Steps to Take

Apply official fixes provided by IBM.
Monitor for any unauthorized access to sensitive information.

Long-Term Security Practices

Regularly update and patch the Tivoli Application Dependency Discovery Manager software.
Implement strong password policies and encryption practices.

Patching and Updates

Ensure that you apply the official fix released by IBM to mitigate the vulnerability.