Access Control Misconfiguration in IBM WebSphere Portal Products
CVE-2018-1420

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Portal
Vendor: CVE Published:; 1 October 2018

🔔 Create IBM Vulnerability Alert

What is CVE-2018-1420?

The vulnerability in IBM WebSphere Portal arises when the Combined Cumulative Fix (CF) installation resets access control settings to their default configuration. This behavior may result in unintended exposure of sensitive information and compromised system security due to improper access controls.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138950

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=swg22014276

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041767

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2018
Vulnerability Reserved
Dec 13, 2017

.