virus logo Intrusion Prevention

IBM.Identity.Governance.and.Intelligence.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection Vulnerability in IBM Security Identity Governance and Intelligence.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in a SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.

affected-products-logoAffected Products

IBM Security Identity Governance and Intelligence 5.2.3.2
IBM Security Identity Governance and Intelligence 5.2.4

Impact logoImpact

System Compromise: Remote attackers can access or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Upgrade to the latest version available from the website.
https://www.ibm.com/ca-en/marketplace/identity-governance-and-intelligence

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-10-31 13.482 Default_action:pass:drop
2018-10-11 13.471

References

https://www.exploit-db.com/exploits/45392/
ID 46980
Created Oct 12, 2018
Updated Oct 30, 2018
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-1756
Exploit Prediction Score 66.01%
Default Action drop
Active
Affected OS Windows
Affected App IBM