CVE-2018-1950
https://notcve.org/view.php?id=CVE-2018-1950
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430. IBM Security Identity Governance and Intelligence, desde la versión 5.2 hasta la 5.2.4.1 Virtual Appliance, genera un mensaje de error que incluye información sensible sobre su entorno, usuarios o datos asociados, todo lo cual se podría usar en futuros ataques contra el sistema, IBM X-Force ID: 153430. • https://exchange.xforce.ibmcloud.com/vulnerabilities/153430 https://www.ibm.com/support/docview.wss?uid=ibm10872142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1945
https://notcve.org/view.php?id=CVE-2018-1945
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. IBM Security Identity and Governance and Intelligence, desde la versión 5.2 hasta la 5.2.4.1 Virtual Appliance, podría permitir que un atacante remoto secuestre la acción de clicado de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clicado de la víctima y, probablemente, lanzar más ataques contra la víctima. • https://exchange.xforce.ibmcloud.com/vulnerabilities/153387 https://www.ibm.com/support/docview.wss?uid=ibm10872142 • CWE-20: Improper Input Validation •
CVE-2018-1757
https://notcve.org/view.php?id=CVE-2018-1757
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601. IBM Security Identity Governance and Intelligence 5.2.3.2 y 5.2.4 podría permitir que un atacante obtenga información sensible debido a la falta de autenticación en IGI para la aplicación de encuestas. IBM X-Force ID: 148601. • http://www.ibm.com/support/docview.wss?uid=ibm10728883 https://exchange.xforce.ibmcloud.com/vulnerabilities/148601 • CWE-306: Missing Authentication for Critical Function •
CVE-2018-1756 – IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-1756
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599. IBM Security Identity Governance and Intelligence 5.2.3.2 y 5.2.4 es vulnerable a una inyección SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permitir que el atacante viese información en la base de datos del backend. • https://www.exploit-db.com/exploits/45392 http://www.ibm.com/support/docview.wss?uid=ibm10728883 https://exchange.xforce.ibmcloud.com/vulnerabilities/148599 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •