Privilege Escalation in IBM StoredIQ Affects User Role Security
CVE-2018-1928

6.7MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
30 November 2018

Summary

IBM StoredIQ version 7.6.0 is vulnerable due to improper authorization of user roles. This flaw allows low privileged users to access high privileged user application endpoints and execute state-changing actions that should be restricted. This security oversight can compromise the integrity of the application by elevating user privileges without proper authorization.

Affected Version(s)

StoredIQ 7.6.0

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.