Information Disclosure Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2018-1625

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Privileged Identity Manager
Vendor: CVE Published:; 2 April 2019

What is CVE-2018-1625?

The IBM Security Privileged Identity Manager Virtual Appliance version 2.2.1 presents an information disclosure vulnerability. This issue arises when the appliance generates error messages that inadvertently reveal sensitive information about the system's environment, users, or related data. Attackers can exploit this flaw to gain insights into the configuration and operational details of the appliance, potentially leading to further compromises in security. For more information, refer to the official IBM support documentation.

Affected Version(s)

Security Privileged Identity Manager 2.1.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10879093

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/144410

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2019
Vulnerability Reserved
Dec 13, 2017