CVE-2018-1928

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storediq:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:00

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 2.1
v3 : 6.7
References () http://www.ibm.com/support/docview.wss?uid=ibm10741611 - Vendor Advisory () http://www.ibm.com/support/docview.wss?uid=ibm10741611 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/153119 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/153119 - VDB Entry, Vendor Advisory

Information

Published : 2018-11-30 15:29

Updated : 2024-11-21 04:00


NVD link : CVE-2018-1928

Mitre link : CVE-2018-1928

CVE.ORG link : CVE-2018-1928


JSON object : View

Products Affected

ibm

  • storediq