PT-2018-14901 · Ibm · Ibm Storediq

Published

2018-11-30

Updated

2019-10-09

CVE-2018-1928

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM StoredIQ version 7.6.0

Description The issue is related to improper authorization of user roles. A low-privileged user can access application endpoints and perform state-changing actions that are restricted to high-privileged users.

Recommendations For IBM StoredIQ version 7.6.0, consider restricting access to sensitive endpoints and state-changing actions to high-privileged users until a proper authorization mechanism is implemented. As a temporary workaround, limit the privileges of low-privileged users to prevent them from accessing restricted endpoints and performing unauthorized actions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1928

Affected Products

Ibm Storediq

PT-2018-14901 · Ibm · Ibm Storediq

CVE-2018-1928

Related Identifiers

Affected Products

References · 4