IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
References
Link | Resource |
---|---|
http://www.ibm.com/support/docview.wss?uid=ibm10741611 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/153119 | VDB Entry Vendor Advisory |
http://www.ibm.com/support/docview.wss?uid=ibm10741611 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/153119 | VDB Entry Vendor Advisory |
Configurations
History
21 Nov 2024, 04:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 6.7 |
References | () http://www.ibm.com/support/docview.wss?uid=ibm10741611 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/153119 - VDB Entry, Vendor Advisory |
Information
Published : 2018-11-30 15:29
Updated : 2024-11-21 04:00
NVD link : CVE-2018-1928
Mitre link : CVE-2018-1928
CVE.ORG link : CVE-2018-1928
JSON object : View
Products Affected
ibm
- storediq
CWE