CVE-2018-1380

CWE-200 — Information Exposure4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 57.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management Collaboration Server IBM Infosphere Master Data Management

Timeline

PublishedOct 29

Latest updateMay 13

Description

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/infosphere_master_data_management_collaboration_server11.4, 11.5, 11.6+2

▶NVDibm/infosphere_master_data_management11.4, 11.5, 11.6+2

🔴Vulnerability Details

GHSA

GHSA-46wj-mw97-rphj: IBM InfoSphere Master Data Management Collaboration Server 11↗2022-05-13

▶

CVEList

CVE-2018-1380: IBM InfoSphere Master Data Management Collaboration Server 11↗2018-10-29

▶

💬Community

Bugzilla

CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch↗2018-03-23

▶