CVE-2018-0908

Name of the Vulnerable Software and Affected Versions: Microsoft Identity Manager 2016 SP1

Description: The issue arises from the improper sanitization of a specially crafted attribute value, which is displayed to a user on an affected server. This allows an attacker to gain elevated privileges.

Recommendations: For Microsoft Identity Manager 2016 SP1, ensure that all attribute values are properly sanitized before being displayed to users to prevent elevation of privilege attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.