Main Vulnerability Database Vulnerabilities #VU36788

Inadequate Encryption Strength in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1366

Published: August 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36788

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-1366

CWE-ID: CWE-326

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Identity Governance and Intelligence (IGI)

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859.

How to mitigate CVE-2017-1366

Install update from vendor's website.

Inadequate Encryption Strength in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1366

Detailed vulnerability description

How to mitigate CVE-2017-1366

Sources

Please verify you're human