Main Vulnerability Database Vulnerabilities #VU36792

Insufficiently protected credentials in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1411

Published: August 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36792

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-1411

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Identity Governance and Intelligence (IGI)

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399.

How to mitigate CVE-2017-1411

Install update from vendor's website.

Insufficiently protected credentials in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1411

Detailed vulnerability description

How to mitigate CVE-2017-1411

Sources

Please verify you're human