Information disclosure in IBM Security Identity Governance and Intelligence (IGI) - CVE-2018-1757

 

Published: September 7, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36714
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1757
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Identity Governance and Intelligence (IGI)

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601.


How to mitigate CVE-2018-1757

Install the update from the vendor's website.

Sources