Main Vulnerability Database Vulnerabilities #VU36791

Information disclosure in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1409

Published: August 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36791

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-1409

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Identity Governance and Intelligence (IGI)

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396.

How to mitigate CVE-2017-1409

Install update from vendor's website.

Information disclosure in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1409

Detailed vulnerability description

How to mitigate CVE-2017-1409

Sources

Please verify you're human