PT-2018-12567 · Ibm · Ibm Security Identity Manager Virtual Appliance

Published

2018-06-08

Updated

2019-10-09

CVE-2018-1453

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Security Identity Manager Virtual Appliance version 7.0

Description The issue allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment.

Recommendations For IBM Security Identity Manager Virtual Appliance version 7.0, consider restricting file uploads to only safe and necessary file types until a patch is available. As a temporary workaround, implement additional validation and sanitization for uploaded files to prevent automatic processing of dangerous file types.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-1453

Affected Products

Ibm Security Identity Manager Virtual Appliance

PT-2018-12567 · Ibm · Ibm Security Identity Manager Virtual Appliance

CVE-2018-1453

Weakness Enumeration

Related Identifiers

Affected Products

References · 5