Algorithm Negotiation Flaw in IBM Security Identity Governance and Intelligence
CVE-2018-1946
5.9MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 21 February 2019
Summary
The vulnerability in IBM Security Identity Governance and Intelligence versions up to 5.2.4.1 stems from a failure to enforce the selection of the strongest available algorithm between two negotiating parties for encryption and authentication. This oversight may expose communication channels to potential exploitation, allowing less secure algorithms to be used. Organizations using affected versions should ensure that proper algorithm selection mechanisms are implemented to safeguard sensitive information.
Affected Version(s)
Security Identity Governance and Intelligence 5.2
Security Identity Governance and Intelligence 5.2.1
Security Identity Governance and Intelligence 5.2.2
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved