Cross-Site Scripting Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2018-1947
6.1MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 21 February 2019
Summary
The IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is exposed to a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code through the Web UI. This security loophole can lead to the alteration of the user interface's intended functionality, potentially enabling the disclosure of sensitive credentials during trusted sessions. This issue could have significant implications for user privacy and security, making it crucial for organizations to address and mitigate.
Affected Version(s)
Security Identity Governance and Intelligence 5.2
Security Identity Governance and Intelligence 5.2.1
Security Identity Governance and Intelligence 5.2.2
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved