First published: Thu Feb 21 2019(Updated: )
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Identity Governance and Intelligence | >=5.2<=5.2.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-1946 is high with a severity value of 7.5.
IBM Security Identity Governance and Intelligence versions 5.2 through 5.2.4.1 are affected by CVE-2018-1946.
CVE-2018-1946 is a vulnerability in IBM Security Identity Governance and Intelligence that allows multiple actors to negotiate an encryption or authentication algorithm, but it does not select the strongest mechanism.
To mitigate the vulnerability in CVE-2018-1946, it is recommended to update IBM Security Identity Governance and Intelligence to a version that does not have the vulnerability.
More information about CVE-2018-1946 can be found on the IBM X-Force Exchange website and the IBM support website.