Algorithm Negotiation Flaw in IBM Security Identity Governance and Intelligence
CVE-2018-1946

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
21 February 2019

Summary

The vulnerability in IBM Security Identity Governance and Intelligence versions up to 5.2.4.1 stems from a failure to enforce the selection of the strongest available algorithm between two negotiating parties for encryption and authentication. This oversight may expose communication channels to potential exploitation, allowing less secure algorithms to be used. Organizations using affected versions should ensure that proper algorithm selection mechanisms are implemented to safeguard sensitive information.

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.