Vulnerability Key Information

Summary

An advisory has been issued for IBM Security Identity Manager VA (ISIM VA) covering the following vulnerabilities: hardcoded credentials, improper session termination, and XML External Entity (XXE) injection.

Vulnerability Details

CVE-2018-1959
- Description: IBM Security Identity Manager Virtual Appliance contains hardcoded credentials used for internal authentication, communication with external components, or internal data encryption.
- CVSS Base Score: 5.1
- CVSS Environmental Score: Not Defined
- CVSS Vector:

CVE-2018-1962
- Description: IBM Security Identity Manager Virtual Appliance does not properly invalidate session tokens when the logout button is clicked, allowing attackers to exploit un-terminated sessions for local access.
- CVSS Base Score: 4.0
- CVSS Environmental Score: Not Defined
- CVSS Vector:

CVE-2018-1970
- Description: IBM Security Identity Manager is vulnerable to XML External Entity (XXE) injection, potentially exposing sensitive information during XML data processing.
- CVSS Base Score: 7.1
- CVSS Environmental Score: Not Defined
- CVSS Vector:

Affected Products and Versions

Product: IBM Security Identity Manager VA
Versions: 7.0.1 - 7.0.1.10

Remediation / Fix

Product: IBM Security Identity Manager VA
Version Range: 7.0.1 - 7.0.1.10
Fix: 7.0.1-ISS-SIM-FP0011