IBM Security Identity Manager (ISIM) has addressed the following vulnerabilities that can allow attackers to compromise user accounts via weak passwords, uploading or transferring dangerous files types, cross-site scripting, or information disclosure and denial of service attacks.
CVEID: CVE-2018-1956 DESCRIPTION: IBM Security Identity Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153628> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-1969 DESCRIPTION: IBM Security Identity Manager allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment.
CVSS Base Score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153750> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2018-1967 DESCRIPTION: IBM Security Identity Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153748>
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-2019 DESCRIPTION: IBM Security Identity Manager Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155265> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
Product | Version |
---|---|
IBM Security Identity Manager | 6.0.0 - 6.0.0.20 |
Product | VRMF | Remediation |
---|
IBM Security Identity Manager
|
6.0.0 - 6.0.0.20
|
CPE | Name | Operator | Version |
---|---|---|---|
ibm security identity manager | eq | 6.0.0 |