Vulnerability Details : CVE-2018-1949
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2018-1949
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-1949
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
IBM Corporation |
CWE ids for CVE-2018-1949
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1949
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/153429
IBM Security Identity Governance and Intelligence information disclosure CVE-2018-1949 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/docview.wss?uid=ibm10872142
IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilitiesPatch;Vendor Advisory
Products affected by CVE-2018-1949
- IBM » Security Identity Governance And IntelligenceVersions from including (>=) 5.2 and up to, including, (<=) 5.2.4.1cpe:2.3:a:ibm:security_identity_governance_and_intelligence:*:*:*:*:*:*:*:*