Input Validation Flaw in IBM Security Access Manager Appliance
CVE-2018-1813

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager Appliance
Vendor: CVE Published:; 13 December 2018

What is CVE-2018-1813?

The IBM Security Access Manager Appliance suffers from an input validation flaw that results from incomplete blacklisting. This vulnerability enables attackers to bypass critical application controls, potentially leading to unauthorized access and manipulation of system data. As a consequence, the integrity of the system and its data can be significantly compromised. Administrators are advised to review the product versions and apply necessary security measures to mitigate this risk.

Affected Version(s)

Security Access Manager Appliance 9.0.1.0

Security Access Manager Appliance 9.0.2.0

Security Access Manager Appliance 9.0.3.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10787785

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/150017

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2018
Vulnerability Reserved
Dec 13, 2017