Unauthorized Administration Operations in IBM Security Access Manager Appliance
CVE-2018-1850

8.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
22 October 2018

Summary

The IBM Security Access Manager Appliance versions 9.0.3.1, 9.0.4.0, and 9.0.5.0 have a vulnerability that may permit unauthorized users to perform administrative operations when Advanced Access Control services are enabled. This flaw could lead to potential security breaches if not addressed, allowing individuals without proper permissions access to sensitive administrative functionalities.

Affected Version(s)

Security Access Manager Appliance 9.0.3.1

Security Access Manager Appliance 9.0.4.0

Security Access Manager Appliance 9.0.5.0

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.