Sensitive Information Disclosure in IBM Security Privileged Identity Manager
CVE-2017-1705

4.3MEDIUM

Key Information:

Vendor

IBM
Status
Security Privileged Identity Manager
Vendor
CVE Published:
30 March 2018

What is CVE-2017-1705?

IBM Security Privileged Identity Manager 2.1.0 has a vulnerability that allows sensitive information to be disclosed through residual data in page comments. Although this information is not initially visible on the application's user interface, it can be accessed via the page source. This can potentially lead to unauthorized disclosure of information that should remain confidential, exposing users and organizations to security risks.

Affected Version(s)

Security Privileged Identity Manager 2.1.0

References

http://www.ibm.com/support/docview.wss?uid=swg22014988
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103677
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/134427
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.