Cross-Site Scripting Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2018-1947

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
21 February 2019

Summary

The IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is exposed to a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code through the Web UI. This security loophole can lead to the alteration of the user interface's intended functionality, potentially enabling the disclosure of sensitive credentials during trusted sessions. This issue could have significant implications for user privacy and security, making it crucial for organizations to address and mitigate.

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.