IBM Security Identity Manager Multiple Security Vulnerabilities
BID:106554
CVE-2018-1956 | CVE-2018-1967 | CVE-2018-1969
| Bugtraq ID: | 106554 |
| Class: | Unknown |
| CVE: | CVE-2018-1956, CVE-2018-1967, CVE-2018-1969 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2019 12:00AM |
| Updated: | Jan 10 2019 12:00AM |
| Credit: | Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza of IBM Security Systems Ethical Hacking Team. |
| Vulnerable: | IBM Security Identity Manager 6.0 2, 6.0 0, 6.0.0.6, 6.0.0.5, 6.0.0.4, 6.0.0.3, 6.0.0.20, 6.0.0.19, 6.0.0.18, 6.0.0.14, 6.0.0.10, 6.0.0.1, 6.0.0 |
| Not Vulnerable: | IBM Security Identity Manager 6.0.0.21 |
Discussion
IBM Security Identity Manager is prone to the following vulnerabilities:
1. A weak password security vulnerability
2. An arbitrary file-upload vulnerability
3. A cross-site scripting vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials and launch other attacks; to gain access to the system; or to upload arbitrary files to the affected computer, which can result in arbitrary code execution within the context of the vulnerable application.
IBM Security Identity Manager versions 6.0.0 through 6.0.0.20 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: