IBM72128CC4690ABB89E31803295B51D881ED5E18BD3E3E8D7279D9D9838293B902Security Bulletin: IBM Security Access Manager Appliance is affected by a security vulnerability (CVE-2018-1850)
0.002 Low
EPSS
Percentile
57.8%
Summary
IBM Security Access Manager appliance is affected by a security vulnerability that could allow unauthorized operations when Advanced Access Control services are running.
Vulnerability Details
CVEID: CVE-2018-1850 DESCRIPTION: IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized operations when Advanced Access Control services are running.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150998> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected IBM Security Access Manager Appliance | Affected Versions |
|---|---|
| IBM Security Access Manager | 9.0.3.1-9.0.5.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Security Access Manager | 9.0.3.1 - 9.0.5.0 | IJ10386 |
1. For versions prior to 9.0.5.0, upgrade to 9.0.5.0: 9.0.5-ISS-ISAM-FP0000
2. Apply 9.0.5.0 Interim Fix 2:
9.0.5.0-ISS-ISAM-IF0002
Workarounds and Mitigations
None.
Related
0.002 Low
EPSS
Percentile
57.8%