Unauthorized Administration Operations in IBM Security Access Manager Appliance
CVE-2018-1850

8.8HIGH

Key Information:

Vendor
IBM
Status
Security Access Manager Appliance
Vendor
CVE Published:
22 October 2018

Summary

The IBM Security Access Manager Appliance versions 9.0.3.1, 9.0.4.0, and 9.0.5.0 have a vulnerability that may permit unauthorized users to perform administrative operations when Advanced Access Control services are enabled. This flaw could lead to potential security breaches if not addressed, allowing individuals without proper permissions access to sensitive administrative functionalities.

Affected Version(s)

Security Access Manager Appliance 9.0.3.1

Security Access Manager Appliance 9.0.4.0

Security Access Manager Appliance 9.0.5.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/150998
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ibm10734555
x_refsource_CONFIRM
http://www.securitytracker.com/id/1042036
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.