(CVE-2018-1756 & CVE-2018-1757) - IBM Vulnerability Disclosure Report

From: September 07, 2018 To: September 07, 2018

IBM has released a fix pack for its Security Identity Governance and Intelligence (IGI) software to address CVE-2018-1756 and CVE-2018-1757. Both vulnerabilities were reported by SecureMisr’s consultant and researcher Mohamed Sayed.

The vulnerabilities affect IBM Security Identity Governance and Intelligence (IGI) software versions 5.2.3.2 and 5.2.4. The software is vulnerable to SQL injection (CVE-2018-1756), which could allow a remote attacker to view information in the back-end database. It is also vulnerable to sensitive information disclosure due to missing authentication in its survey application (CVE-2018-1757).

SecureMisr is making this disclosure in accordance with its responsible disclosure practices after a fix has been released by IBM.