Local File Read Vulnerability in IBM i2 Enterprise Insight Analysis
CVE-2018-1505

4MEDIUM

Key Information:

Vendor: IBM
Status: I2 Enterprise Insight Analysis
Vendor: CVE Published:; 6 December 2018

Summary

IBM i2 Enterprise Insight Analysis version 2.1.7 contains a vulnerability that allows web pages to be stored locally on the system. This stored data can potentially be accessed by unauthorized users, leading to data exposure. This issue highlights the need for proper access controls and data handling mechanisms within the application to prevent unauthorized access to sensitive information.

Affected Version(s)

i2 Enterprise Insight Analysis 2.1.7

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/141413

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10738699

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2018
Vulnerability Reserved
Dec 13, 2017