CNVD-2018-23245

Vulnerability from cnvd - Published: 2018-11-15
VLAI
Title
IBM Security Identity Governance and Intelligence Virtual Appliance信息泄露漏洞
Description
IBM Security Identity Governance and Intelligence Virtual Appliance是美国IBM公司的一套身份管理和治理解决方案。该产品包括了生命周期管理、访问风险评估和身份认证管理等功能。 IBM Security Identity Governance and Intelligence Virtual Appliance 5.2版本至5.2.3.2版本中存在安全漏洞,该漏洞源于程序未能正确的打开HHTTP Strict Transport Security功能。远程攻击者可利用该漏洞实施中间人攻击,获取敏感信息。
Severity
Patch Name
IBM Security Identity Governance and Intelligence Virtual Appliance信息泄露漏洞的补丁
Patch Description
IBM Security Identity Governance and Intelligence Virtual Appliance是美国IBM公司的一套身份管理和治理解决方案。该产品包括了生命周期管理、访问风险评估和身份认证管理等功能。 IBM Security Identity Governance and Intelligence Virtual Appliance 5.2版本至5.2.3.2版本中存在安全漏洞,该漏洞源于程序未能正确的打开HHTTP Strict Transport Security功能。远程攻击者可利用该漏洞实施中间人攻击,获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg22016869

Reference
http://www-01.ibm.com/support/docview.wss?uid=swg22016869
Impacted products
Name
IBM Security Identity Governance and Intelligence Virtual Appliance >=5.2,<=5.2.3.2
Show details on source website

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1395",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1395"
    }
  },
  "description": "IBM Security Identity Governance and Intelligence Virtual Appliance\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u8eab\u4efd\u7ba1\u7406\u548c\u6cbb\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u5305\u62ec\u4e86\u751f\u547d\u5468\u671f\u7ba1\u7406\u3001\u8bbf\u95ee\u98ce\u9669\u8bc4\u4f30\u548c\u8eab\u4efd\u8ba4\u8bc1\u7ba1\u7406\u7b49\u529f\u80fd\u3002\n\nIBM Security Identity Governance and Intelligence Virtual Appliance 5.2\u7248\u672c\u81f35.2.3.2\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u6253\u5f00HHTTP Strict Transport Security\u529f\u80fd\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22016869",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23245",
  "openTime": "2018-11-15",
  "patchDescription": "IBM Security Identity Governance and Intelligence Virtual Appliance\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u8eab\u4efd\u7ba1\u7406\u548c\u6cbb\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u5305\u62ec\u4e86\u751f\u547d\u5468\u671f\u7ba1\u7406\u3001\u8bbf\u95ee\u98ce\u9669\u8bc4\u4f30\u548c\u8eab\u4efd\u8ba4\u8bc1\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Identity Governance and Intelligence Virtual Appliance 5.2\u7248\u672c\u81f35.2.3.2\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u6253\u5f00HHTTP Strict Transport Security\u529f\u80fd\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Identity Governance and Intelligence Virtual Appliance\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Security Identity Governance and Intelligence Virtual Appliance \u003e=5.2\uff0c\u003c=5.2.3.2"
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22016869",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-17",
  "title": "IBM Security Identity Governance and Intelligence Virtual Appliance\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…