{"containers": {"cna": {"affected": [{"product": "Security Identity Governance and Intelligence", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.2.1"}, {"status": "affected", "version": "5.2.2"}, {"status": "affected", "version": "5.2.2.1"}, {"status": "affected", "version": "5.2.3"}, {"status": "affected", "version": "5.2.3.1"}, {"status": "affected", "version": "5.2.3.2"}]}], "datePublic": "2018-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-06T13:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-sig-cve20171411-info-disc(127399)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-08-01T00:00:00", "ID": "CVE-2017-1411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Security Identity Governance and Intelligence", "version": {"version_data": [{"version_value": "5.2"}, {"version_value": "5.2.1"}, {"version_value": "5.2.2"}, {"version_value": "5.2.2.1"}, {"version_value": "5.2.3"}, {"version_value": "5.2.3.1"}, {"version_value": "5.2.3.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "ibm-sig-cve20171411-info-disc(127399)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:32:29.854Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-sig-cve20171411-info-disc(127399)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1411", "datePublished": "2018-08-06T14:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T01:25:32.529Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "21A3FF17-CA69-4AD0-9E2F-08EF894E4707", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F8B59F0-C465-476F-9775-09D411D9C019", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CDADC801-315E-4B7F-8464-CEFC6934A657", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6ACF2C48-1490-4114-84D3-94F13D2375AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1DBF441F-7F14-4626-B705-8E422BAE4348", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A5F964B-B22B-43F0-9B2D-F3FB3C0EF0B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F7911BA-F5BF-44FD-A377-0B25EAFC2930", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399."}, {"lang": "es", "value": "IBM Security Identity Governance Virtual Appliance, desde la versi\u00f3n 5.2 hasta la 5.2.3.2, no requiere que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 127399."}], "id": "CVE-2017-1411", "lastModified": "2024-11-21T03:21:50.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-06T14:29:00.450", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}