CVE-2018-1928

Name of the Vulnerable Software and Affected Versions IBM StoredIQ version 7.6.0

Description The issue is related to improper authorization of user roles. A low-privileged user can access application endpoints and perform state-changing actions that are restricted to high-privileged users.

Recommendations For IBM StoredIQ version 7.6.0, consider restricting access to sensitive endpoints and state-changing actions to high-privileged users until a proper authorization mechanism is implemented. As a temporary workaround, limit the privileges of low-privileged users to prevent them from accessing restricted endpoints and performing unauthorized actions.