(CVE-2018-1756 & CVE-2018-1757) - IBM Vulnerability Disclosure Report
from : September 07, 2018
to: September 07, 2018
IBM has released a fixpack for its Security Identity Governance and Intelligence (IGI) software to address CVE-2018-1756 and CVE-2018-1757. Those two vulnerabilities have been reported by SecureMisr’s consultant and researcher Mohamed Sayed.
The vulnerabilities impact IBM Security Identity Governance and Intelligence software versions 18.104.22.168 and 5.2.4. IBM Security Identity Governance and Intelligence (IGI) software is vulnerable to SQL injection (CVE-2018-1756) which could allow a remote attacker to view information in the back-end database. The software is also vulnerable to sensitive information disclosure due to missing authentication in its survey application (CVE-2018-1757).
SecureMisr is making this disclosure in accordance with its responsible disclosure practices after a fix has been released by IBM.