Incorrect Permission Management in IBM Security Guardium Big Data Intelligence
CVE-2018-1370

4.2MEDIUM

Key Information:

Vendor: IBM
Status: Security Guardium Big Data Intelligence
Vendor: CVE Published:; 29 May 2018

What is CVE-2018-1370?

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 contains a vulnerability that incorrectly specifies permissions for a security-sensitive resource. This misconfiguration can potentially allow unauthorized users to read or modify the resource, exposing critical data integrity risks and enabling inappropriate access within the system. Organizations utilizing this version should address the issue promptly to safeguard sensitive information from unintended actors.

Affected Version(s)

Security Guardium Big Data Intelligence 3.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/137769

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg22016132

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2018
Vulnerability Reserved
Dec 13, 2017