CVE-2018-1887

CWE-798Hard-coded Credentials3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 96.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access ManagerIBM Security Access Manager Appliance
Timeline
PublishedDec 13
Latest updateMay 13

Description

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 1.4 | Impact: 4.0

Affected Packages2 packages

NVDibm/security_access_manager9.0.1.09.0.5.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-575j-f3xm-vq93: IBM Security Access Manager Appliance 92022-05-13
CVEList
CVE-2018-1887: IBM Security Access Manager Appliance 92018-12-13
CVE-2018-1887 (HIGH CVSS 7.8) | IBM Security Access Manager Applian | cvebase.io