CVE-2018-1509
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
02/10/2018
Last modified:
17/06/2026
Description
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.
Impact
Base Score 3.x
3.70
Severity 3.x
LOW
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:security_guardium:10.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.ibm.com/support/docview.wss?uid=ibm10730321
- http://www.securitytracker.com/id/1041759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/141417
- http://www.ibm.com/support/docview.wss?uid=ibm10730321
- http://www.securitytracker.com/id/1041759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/141417



