CVE-2017-1396 — IBM Security Identity Governance AND Intelligence vulnerability

CWE-2753 documents3 sources

Severity

8.1HIGHNVD

CNA4.2

EPSS

0.1%

top 67.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Identity Governance AND Intelligence

Timeline

PublishedAug 6

Latest updateMay 13

Description

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5ibm/security_identity_governance_and_intelligence7 versions+6

▶NVDibm/security_identity_governance_and_intelligence7 versions+6

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-q2fm-j6pp-42xq: IBM Security Identity Governance Virtual Appliance 5↗2022-05-13

▶

CVEList

CVE-2017-1396: IBM Security Identity Governance Virtual Appliance 5↗2018-08-06

▶