CVE-2018-1420

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Portal
Vendor: CVE Published:; 1 October 2018

Summary

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138950

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=swg22014276

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041767

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2018
Vulnerability Reserved
Dec 13, 2017

.