Cross-Site Scripting Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2018-1947

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 21 February 2019

What is CVE-2018-1947?

The IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is exposed to a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code through the Web UI. This security loophole can lead to the alteration of the user interface's intended functionality, potentially enabling the disclosure of sensitive credentials during trusted sessions. This issue could have significant implications for user privacy and security, making it crucial for organizations to address and mitigate.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/153427

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10872142

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 21, 2019
Vulnerability Reserved
Dec 13, 2017

JSON

IBM