Jan 15, 2019 - 6:10 a.m.

Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967, CVE-2018-2019)

2019-01-15 06:10:02
www.ibm.com

EPSS: 0.002 (Low), Percentile: 57.8%

Summary

IBM Security Identity Manager (ISIM) has addressed the following vulnerabilities, which can allow attackers to compromise user accounts via weak passwords, upload or transfer dangerous file types, or carry out cross-site scripting, information disclosure, and denial-of-service attacks.

Vulnerability Details

CVEID: CVE-2018-1956
DESCRIPTION: IBM Security Identity Manager does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153628> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1969
DESCRIPTION: IBM Security Identity Manager allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVSS Base Score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153750> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-1967
DESCRIPTION: IBM Security Identity Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153748> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-2019
DESCRIPTION: IBM Security Identity Manager Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155265> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

| Product | Version |
|---|---|
| IBM Security Identity Manager | 6.0.0 - 6.0.0.20 |

Remediation/Fixes

| Product | VRMF | Remediation |
|---|---|---|
| IBM Security Identity Manager | 6.0.0 - 6.0.0.20 | 6.0.0-ISS-SIM-FP0021 |

CPE

| Name | Operator | Version |
|---|---|---|
| ibm security identity manager | eq | 6.0.0 |
