IBM Security Access Manager appliance is affected by a security vulnerability that could allow unauthorized operations when Advanced Access Control services are running.
CVEID: CVE-2018-1850
DESCRIPTION: IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized operations when Advanced Access Control services are running.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150998> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected IBM Security Access Manager Appliance | Affected Versions |
---|---|
IBM Security Access Manager | 9.0.3.1-9.0.5.0 |

Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager | 9.0.3.1 - 9.0.5.0 | IJ10386 | 1. For versions prior to 9.0.5.0, upgrade to 9.0.5.0: 9.0.5-ISS-ISAM-FP0000<br>2. Apply 9.0.5.0 Interim Fix 2: 9.0.5.0-ISS-ISAM-IF0002 |

None.