Access Control Flaw in IBM InfoSphere Master Data Management Collaboration Server
CVE-2018-1380

2.7LOW

Key Information:

Vendor: IBM
Status: Infosphere Master Data Management Collaboration Server
Vendor: CVE Published:; 29 October 2018

Summary

An access control vulnerability exists in the IBM InfoSphere Master Data Management Collaboration Server, where an authenticated user with CA level access can exploit their permissions to alter their CA ID. This manipulation allows the user to gain access to sensitive information of other users, thus posing a significant risk to data confidentiality and integrity.

Affected Version(s)

InfoSphere Master Data Management Collaboration Server 11.4

InfoSphere Master Data Management Collaboration Server 11.5

InfoSphere Master Data Management Collaboration Server 11.6

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138077

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10735411

x_refsource_CONFIRM

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2018
Vulnerability Reserved
Dec 13, 2017