Privilege Escalation in IBM StoredIQ Affects User Role Security
CVE-2018-1928
6.7MEDIUM
Summary
IBM StoredIQ version 7.6.0 is vulnerable due to improper authorization of user roles. This flaw allows low privileged users to access high privileged user application endpoints and execute state-changing actions that should be restricted. This security oversight can compromise the integrity of the application by elevating user privileges without proper authorization.
Affected Version(s)
StoredIQ 7.6.0
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved