Access Control Flaw in IBM InfoSphere Master Data Management Collaboration Server
CVE-2018-1380
2.7LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 29 October 2018
Summary
An access control vulnerability exists in the IBM InfoSphere Master Data Management Collaboration Server, where an authenticated user with CA level access can exploit their permissions to alter their CA ID. This manipulation allows the user to gain access to sensitive information of other users, thus posing a significant risk to data confidentiality and integrity.
Affected Version(s)
InfoSphere Master Data Management Collaboration Server 11.4
InfoSphere Master Data Management Collaboration Server 11.5
InfoSphere Master Data Management Collaboration Server 11.6
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved