CVE-2017-1367 — Sensitive Information Exposure in IBM Security Identity Governance AND Intelligence

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

5.3MEDIUMNVD

CNA3.7

EPSS

0.2%

top 62.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Identity Governance AND Intelligence

Timeline

PublishedJul 13

Latest updateMay 13

Description

IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/security_identity_governance_and_intelligence5.2.0 — 5.2.3.2

▶CVEListV5ibm/security_identity_governance_and_intelligence7 versions+6

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qmf9-w4gm-4xwr: IBM Security Identity Governance and Intelligence Virtual Appliance 5↗2022-05-13

▶

CVEList

CVE-2017-1367: IBM Security Identity Governance and Intelligence Virtual Appliance 5↗2018-07-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope↗2017-11-27

▶

💬Community

Bugzilla

CVE-2017-2639 CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA↗2017-03-06

▶

Bugzilla

CVE-2016-4457 CFME: default certificate used across all installs↗2016-05-31

▶