PT-2019-9890 · Ibm · Ibm Security Identity Manager

Chris Shepherd

Publicado

2019-01-14

Atualizado

2019-10-09

CVE-2018-1969

CVSS v3.1

9.9

Crítica

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Security Identity Manager version 6.0.0

Description The issue allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Recommendations For IBM Security Identity Manager version 6.0.0, consider restricting file uploads to only safe and necessary file types until a patch is available. As a temporary workaround, disabling automatic file processing can help minimize the risk of exploitation.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2018-1969

Produtos afetados

Ibm Security Identity Manager

PT-2019-9890 · Ibm · Ibm Security Identity Manager

CVE-2018-1969

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5