IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities, which could allow remote attacks, sensitive information exposure, and denial of service.

CVEID: CVE-2018-1902
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof connection information, which could be used to launch further attacks against the system.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152531> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1968
DESCRIPTION: IBM Security Identity Manager discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153749> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4046
DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Product | Version |
---|---|
IBM Security Identity Manager VA | 7.0.1 - 7.0.1.12 |

Product | VRMF | Remediation |
---|---|---|
IBM Security Identity Manager Virtual Appliance | 7.0.1 - 7.0.1.12 | 7.0.1-ISS-SIM-FP0013 |

CPE

Name | Operator | Version |
---|---|---|
ibm security identity manager | eq | 7.0.1 |