Main Vulnerability Database Vulnerabilities #VU36793

Information disclosure in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1412

Published: August 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36793

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-1412

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Identity Governance and Intelligence (IGI)

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400.

How to mitigate CVE-2017-1412

Install update from vendor's website.

Sources

http://www.ibm.com/support/docview.wss?uid=swg22016869
https://exchange.xforce.ibmcloud.com/vulnerabilities/127400

Information disclosure in IBM Security Identity Governance and Intelligence (IGI) - CVE-2017-1412

Detailed vulnerability description

How to mitigate CVE-2017-1412

Sources

Please verify you're human