LiveActive security incident?Get immediate response
CVE Record

CVE-2018-1948: IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the se...

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.

MediumCVSS 4.3Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This flaw means affected IBM identity-governance appliances may send login/session cookies over unencrypted HTTP. If a user is induced to hit an insecure link and traffic is observable, an attacker could capture cookie values. That could expose session data, but the cited scoring limits impact to confidentiality and requires user interaction.

Executive priority

Treat as a moderate-priority identity-platform hygiene issue. It is not cited as actively exploited, but it affects session confidentiality in an identity governance system. Validate version exposure and close any vendor-supported remediation gap during the next security maintenance window.

Technical view

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance did not set the Secure attribute on authorization tokens or session cookies. CVSS 3.0 is 4.3 with network attack vector, low complexity, no privileges, required user interaction, and low confidentiality impact only.

Likely exposure

Exposure is limited to organizations running the listed IBM Security Identity Governance and Intelligence Virtual Appliance versions. Risk is most relevant where users can be lured to HTTP links and traffic can be observed between the browser and appliance-related endpoint.

Exploitation context

The source bundle does not show CISA KEV listing or other evidence of active exploitation. The described attack requires user interaction and an opportunity to observe insecure HTTP traffic. No exploit code or public weaponization evidence is provided in the supplied sources.

Researcher notes

Evidence is clear on affected versions, missing Secure cookie attribute, and CVSS 4.3. The bundle does not provide exact fixed build details or operational workaround text. Avoid assuming broader IBM products are affected beyond the named Virtual Appliance versions.

Mitigation direction

  • Inventory IBM Security Identity Governance and Intelligence Virtual Appliance versions in use.
  • If affected, review IBM advisory guidance and apply the vendor-supported remediation.
  • Reduce or eliminate HTTP access paths associated with the appliance.
  • Enforce HTTPS-only access through configuration and network controls where supported.
  • Review session-management hardening controls after remediation.

Validation and detection

  • Confirm whether any appliance is version 5.2 through 5.2.4.1.
  • In an approved test session, verify session cookies include the Secure attribute.
  • Check whether HTTP requests to appliance-related hosts are possible.
  • Review IBM advisory status against installed build and maintenance level.
  • Look for historical HTTP access patterns involving authenticated users.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2018-1948 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.3 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:R/E:U/RC:C/RL:O

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.3CVSS 3.0MediumCVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:R/E:U/RC:C/RL:O2.81.4Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

4.3Medium
CVSS 3.0 vector shape for CVE-2018-1948Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:R/E:U/RC:C/RL:O

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
IBMSecurity Identity Governance and Intelligence5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2, 5.2.4, 5.2.4.1Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.