Mar 26, 2019 - 9:25 p.m.

Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2018-1966, CVE-2018-1964, CVE-2018-1965)

2019-03-26 21:25:01
www.ibm.com

Summary

IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities: an application error that causes an error message to contain sensitive information, code embedded by untrusted websites that can allow authorized users to unknowingly alter the integrity of the system, and weaker than expected cryptographic algorithms.

Vulnerability Details

CVEID: CVE-2018-1966
DESCRIPTION: IBM Security Identity Manager Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153662> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-1964
DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153660> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1965
DESCRIPTION: IBM Security Privileged Identity Manager Virtual Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153661> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Product | Version
---|---
IBM Security Identity Manager VA | 7.0.1 - 7.0.1.11

Remediation/Fixes

Product | VRMF | Remediation
---|---|---
IBM Security Identity Manager Virtual Appliance | 7.0.1 - 7.0.1.11 | 7.0.1-ISS-SIM-FP0012
