Vulnerabilities > IBM > Security Identity Governance AND Intelligence
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-06 | CVE-2017-1411 | Insufficiently Protected Credentials vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2018-08-06 | CVE-2017-1409 | Information Exposure vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. | 5.3 |
| 2018-08-06 | CVE-2017-1396 | Permission Issues vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
| 2018-08-06 | CVE-2017-1368 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. | 6.5 |
| 2018-08-06 | CVE-2017-1366 | Inadequate Encryption Strength vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2018-07-13 | CVE-2017-1395 | Information Exposure vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2018-07-13 | CVE-2017-1367 | Information Exposure vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. | 5.3 |
| 2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.6 |
| 2017-09-28 | CVE-2017-1407 | Command Injection vulnerability in IBM products IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |