IBM Security Identity Manager (ISIM) has addressed the following vulnerability that can allow attackers to compromise user accounts via limited code injection.
CVEID: CVE-2019-4038
DESCRIPTION: IBM Security Identity Manager could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156162> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Product | Version |
---|---|
IBM Security Identity Manager | 6.0.0 - 6.0.0.20 |
IBM Security Identity Manager VA | 7.0.0 - 7.0.1.10 |

Product | VRMF | Remediation |
---|---|---|
IBM Security Identity Manager | 6.0.0 - 6.0.0.20 | |
IBM Security Identity Manager | 7.0.0 - 7.0.1.10 | |

CPE | Name | Operator | Version |
---|---|---|---|
| ibm security identity manager | eq | 6.0 |
| ibm security identity manager | eq | 7.0 |