Privilege Escalation in IBM StoredIQ Affects User Role Security
CVE-2018-1928

6.7MEDIUM

Key Information:

Vendor: IBM
Status: Storediq
Vendor: CVE Published:; 30 November 2018

Summary

IBM StoredIQ version 7.6.0 is vulnerable due to improper authorization of user roles. This flaw allows low privileged users to access high privileged user application endpoints and execute state-changing actions that should be restricted. This security oversight can compromise the integrity of the application by elevating user privileges without proper authorization.

Affected Version(s)

StoredIQ 7.6.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/153119

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10741611

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2018
Vulnerability Reserved
Dec 13, 2017