Nov 28, 2018 - 3:40 p.m.

Security Bulletin: IBM StoredIQ Privilege Insufficient Authorization

2018-11-28 15:40:01
www.ibm.com

EPSS: 0.0004 (Low), Percentile: 12.7%

Summary

IBM StoredIQ has addressed a vulnerability caused by improper authorization of user roles.

Vulnerability Details

CVEID: CVE-2018-1928
DESCRIPTION: IBM StoredIQ does not implement proper authorization of user roles. As a result, a low-privileged user could access the application endpoints of high-privileged users and perform some state-changing actions restricted to a high-privileged user.
CVSS Base Score: 6.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153119> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

| Affected Product | Affected Versions |
| --- | --- |
| IBM StoredIQ | 7.6.0.0 - 7.6.0.17 |

Remediation/Fixes

| Product | VRMF | Remediation / First Fix |
| --- | --- | --- |
| IBM StoredIQ | 7.6.0.17 | Upgrade to latest fix pack 7.6.0.17 and apply Interim Fix 7.6.0.17-IBMStoredIQ-LinuxX86_64-if001 that is available from Fix Central https://www.ibm.com/support/fixcentral/ |

Workarounds and Mitigations

None

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | storediq | eq | 7.6.0 |
