13 matches found
Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities
Summary IBM Security Verify Governance ISVG, now re-branded as IBM Verify Identity Governance IVIG, uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2020-4957
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208...
CVE-2020-4969
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
CVE-2020-4968
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427...
CVE-2020-4969
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
Unspecified Vulnerability in IBM Security Identity Governance and Intelligence (CNVD-2020-31573)
IBM Security Identity Governance and Intelligence IGI is a suite of identity governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Security IGI version...
IBM Identity Governance and Intelligence SQL Injection (CVE-2018-1756)
An SQL injection vulnerability exists in IBM Identity Governance and Intelligence. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2018-1947
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-1948
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes...
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
Exploit Title: Unauthenticated Remote SQLi Date: 11/09/2018 Exploit Author: Mohamed Sayed - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10728883 Version: IGI 5.2.3.2 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1756 Hello , IBM IGI version 5.2.3.2 i...
CVE-2017-1395
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2017-00196)
IBM Security Privileged Identity Manager is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM USA, that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2017-00195)
IBM Security Privileged Identity Manager is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM in the U.S. It is used to protect, automate, and audit the use of privileged identities to help defend against insider threats and...