CVE-2017-1409 — Sensitive Information Exposure in IBM Security Identity Governance AND Intelligence

CWE-200 — Sensitive Information Exposure6 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 62.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Identity Governance AND Intelligence

Timeline

PublishedAug 6

Latest updateMay 13

Description

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/security_identity_governance_and_intelligence7 versions+6

▶NVDibm/security_identity_governance_and_intelligence7 versions+6

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5r2-9rjq-m9cw: IBM Security Identity Governance Virtual Appliance 5↗2022-05-13

▶

CVEList

CVE-2017-1409: IBM Security Identity Governance Virtual Appliance 5↗2018-08-06

▶

💬Community

Bugzilla

CVE-2017-2666 undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests↗2017-03-27

▶