SB2022071208 - Information disclosure in IBM Security Verify Information Queue
Published: July 12, 2022
Security Bulletin ID
SB2022071208
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2018-1337)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the SSL Filter and allows for another thread to use the connection before the TLS layer has been established. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-apache-ldap-api-with-a-known-vulnerability-cve-2018-1337/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-apache-ldap-api-with-a-known-vulnerability-cve-2018-1337/</a><br><a
- https://www.ibm.com/support/pages/node/6602765"
- https://www.ibm.com/support/pages/node/6602765</a><br><br><br></p>