Cross-Site Scripting Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2018-1947

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 21 February 2019

Summary

The IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is exposed to a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code through the Web UI. This security loophole can lead to the alteration of the user interface's intended functionality, potentially enabling the disclosure of sensitive credentials during trusted sessions. This issue could have significant implications for user privacy and security, making it crucial for organizations to address and mitigate.

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/153427

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10872142

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 21, 2019
Vulnerability Reserved
Dec 13, 2017