Security Identity Adapter data traffic to/from IGI and ISIM server is not encrypted by default. Adapter installers have been updated to enable SSL by default. The customer can choose during installation to disable SSL. Note that keeping the SSL enablement option requires certificates to be imported.
CVE(s): CVE-2017-1362
Affected product(s) and affected version(s):
IBM Security Identity Manager v6.0 Adapters
Security Identity Adapters v7.x for ISIM 7.0, IGI 5.2.x, and PIM 2.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xttRcb
X-Force Database: http://ift.tt/2wM4q1N
The post IBM Security Bulletin: Security Identity Adapter data traffic to/from server is not encrypted by default appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2xsRTUw
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.