Clickjacking Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2018-1945

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 21 February 2019

Summary

A vulnerability in IBM Security Identity Governance and Intelligence from versions 5.2 through 5.2.4.1 allows for a remote attacker to exploit clickjacking techniques. By tricking users into visiting a malicious website, the attacker can hijack the victim's click actions, potentially launching more severe attacks. This vulnerability exposes users to significant security risks, making it essential for organizations to apply the necessary mitigations.

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

https://www.ibm.com/support/docview.wss?uid=ibm10872142

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/153387

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 21, 2019
Vulnerability Reserved
Dec 13, 2017