CVE-2018-1928

3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 86.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Storediq
Timeline
PublishedNov 30
Latest updateMay 13

Description

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.4 | Impact: 5.2

Affected Packages2 packages

NVDibm/storediq7.6.0.07.6.0.17
CVEListV5ibm/storediq7.6.0

🔴Vulnerability Details

2
GHSA
GHSA-2r9r-8crm-q8p5: IBM StoredIQ 72022-05-13
CVEList
CVE-2018-1928: IBM StoredIQ 72018-11-30
CVE-2018-1928 (MEDIUM CVSS 5.5) | IBM StoredIQ 7.6.0 does not impleme | cvebase.io