IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities: an application error that causes an error message to contain sensitive information, code embedded by untrusted websites that can lead authorized users to unknowingly alter the integrity of the system, and weaker than expected cryptographic algorithms.
CVEID: CVE-2018-1966
DESCRIPTION: IBM Security Identity Manager Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153662> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-1964
DESCRIPTION: IBM Security Identity Manager Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153660> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-1965
DESCRIPTION: IBM Security Privileged Identity Manager Virtual Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153661> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Product | Version |
---|---|
IBM Security Identity Manager VA | 7.0.1 - 7.0.1.11 |
Product | VRMF | Remediation |
---|---|---|
IBM Security Identity Manager Virtual Appliance | 7.0.1 - 7.0.1.11 | 7.0.1-ISS-SIM-FP0012 |