Lucene search
IbmCVE-2018-1672HistoryOct 01, 2018 - 3:00 p.m.
CVE-2018-1672
2018-10-0115:00:00
CWE-287
ibm
web.nvd.nist.gov
47
ibm
websphere portal
7.0
8.0
8.5
9.0
user context
vulnerability
nvd
x-force
cve-2018-1672
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6
Confidence
High
EPSS
0.001
Percentile
32.0%
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
Affected configurations
Node
ibmwebsphere_portalMatch7.0.0.0
ORibmwebsphere_portalMatch7.0.0.1-
ORibmwebsphere_portalMatch7.0.0.1cf011
ORibmwebsphere_portalMatch7.0.0.1cf012
ORibmwebsphere_portalMatch7.0.0.1cf013
ORibmwebsphere_portalMatch7.0.0.1cf014
ORibmwebsphere_portalMatch7.0.0.1cf015
ORibmwebsphere_portalMatch7.0.0.1cf016
ORibmwebsphere_portalMatch7.0.0.1cf017
ORibmwebsphere_portalMatch7.0.0.1cf018
ORibmwebsphere_portalMatch7.0.0.1cf019
ORibmwebsphere_portalMatch7.0.0.1cf020
ORibmwebsphere_portalMatch7.0.0.2-
ORibmwebsphere_portalMatch7.0.0.2cf012
ORibmwebsphere_portalMatch7.0.0.2cf013
ORibmwebsphere_portalMatch7.0.0.2cf014
ORibmwebsphere_portalMatch7.0.0.2cf015
ORibmwebsphere_portalMatch7.0.0.2cf016
ORibmwebsphere_portalMatch7.0.0.2cf017
ORibmwebsphere_portalMatch7.0.0.2cf018
ORibmwebsphere_portalMatch7.0.0.2cf019
ORibmwebsphere_portalMatch7.0.0.2cf020
ORibmwebsphere_portalMatch7.0.0.2cf021
ORibmwebsphere_portalMatch7.0.0.2cf022
ORibmwebsphere_portalMatch7.0.0.2cf023
ORibmwebsphere_portalMatch7.0.0.2cf024
ORibmwebsphere_portalMatch7.0.0.2cf025
ORibmwebsphere_portalMatch7.0.0.2cf026
ORibmwebsphere_portalMatch7.0.0.2cf027
ORibmwebsphere_portalMatch7.0.0.2cf028
ORibmwebsphere_portalMatch7.0.0.2cf029
ORibmwebsphere_portalMatch7.0.0.2cf030
ORibmwebsphere_portalMatch8.0.0.0-
ORibmwebsphere_portalMatch8.0.0.0cf01
ORibmwebsphere_portalMatch8.0.0.0cf02
ORibmwebsphere_portalMatch8.0.0.0cf03
ORibmwebsphere_portalMatch8.0.0.0cf04
ORibmwebsphere_portalMatch8.0.0.0cf05
ORibmwebsphere_portalMatch8.0.0.0cf06
ORibmwebsphere_portalMatch8.0.0.1-
ORibmwebsphere_portalMatch8.0.0.1cf04
ORibmwebsphere_portalMatch8.0.0.1cf05
ORibmwebsphere_portalMatch8.0.0.1cf06
ORibmwebsphere_portalMatch8.0.0.1cf07
ORibmwebsphere_portalMatch8.0.0.1cf08
ORibmwebsphere_portalMatch8.0.0.1cf09
ORibmwebsphere_portalMatch8.0.0.1cf10
ORibmwebsphere_portalMatch8.0.0.1cf11
ORibmwebsphere_portalMatch8.0.0.1cf12
ORibmwebsphere_portalMatch8.0.0.1cf13
ORibmwebsphere_portalMatch8.0.0.1cf14
ORibmwebsphere_portalMatch8.0.0.1cf15
ORibmwebsphere_portalMatch8.0.0.1cf16
ORibmwebsphere_portalMatch8.0.0.1cf17
ORibmwebsphere_portalMatch8.0.0.1cf18
ORibmwebsphere_portalMatch8.0.0.1cf19
ORibmwebsphere_portalMatch8.0.0.1cf20
ORibmwebsphere_portalMatch8.0.0.1cf21
ORibmwebsphere_portalMatch8.0.0.1cf22
ORibmwebsphere_portalMatch8.0.0.1cf23
ORibmwebsphere_portalMatch8.5.0.0-
ORibmwebsphere_portalMatch8.5.0.0cf01
ORibmwebsphere_portalMatch8.5.0.0cf02
ORibmwebsphere_portalMatch8.5.0.0cf03
ORibmwebsphere_portalMatch8.5.0.0cf04
ORibmwebsphere_portalMatch8.5.0.0cf05
ORibmwebsphere_portalMatch8.5.0.0cf06
ORibmwebsphere_portalMatch8.5.0.0cf07
ORibmwebsphere_portalMatch8.5.0.0cf08
ORibmwebsphere_portalMatch8.5.0.0cf09
ORibmwebsphere_portalMatch8.5.0.0cf10
ORibmwebsphere_portalMatch8.5.0.0cf11
ORibmwebsphere_portalMatch8.5.0.0cf12
ORibmwebsphere_portalMatch8.5.0.0cf13
ORibmwebsphere_portalMatch8.5.0.0cf14
ORibmwebsphere_portalMatch8.5.0.0cf15
ORibmwebsphere_portalMatch9.0.0.0-
ORibmwebsphere_portalMatch9.0.0.0cf14
ORibmwebsphere_portalMatch9.0.0.0cf15
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:* |
| ibm | websphere_portal | 7.0.0.1 | cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:* |
CNA Affected
[
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
]Related
nessus
nessus
IBM WebSphere Portal Security Bypass Vulnerability (CVE-2018-1672)
2019-09-18 00:00:00
nvd
nvd
CVE-2018-1672
2018-10-01 14:29:00
prion
prion
Code injection
2018-10-01 14:29:00
cvelist
cvelist
CVE-2018-1672
2018-10-01 15:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6
Confidence
High
EPSS
0.001
Percentile
32.0%
Related for CVE-2018-1672