Medium Severity

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)

Share this post:

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Identity Governance and Intelligence 5.2.4
IBM Security Identity Governance and Intelligence 5.2.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1284778

More stories

Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Apr 1, 2020 8:00 pm EDT | Medium Severity

A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE. ...read more


Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks

Apr 1, 2020 8:00 pm EDT | Medium Severity

IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates, leading to OutOfMemory exceptions, and could be targeted by DoS attacks. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials

Mar 31, 2020 8:01 pm EDT | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data soruces in JSON response of internal API for processing settings. ...read more