IBM StoredIQ has addressed a vulnerability in which user roles were not properly authorized.
CVEID: CVE-2018-1928
DESCRIPTION: IBM StoredIQ does not implement proper authorization of user roles. As a result, a low-privileged user could access application endpoints belonging to high-privileged users and perform some state-changing actions restricted to high-privileged users.
CVSS Base Score: 6.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153119> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Product | Affected Versions |
---|---|
IBM StoredIQ | 7.6.0.0 - 7.6.0.17 |

Product | VRMF | Remediation / First Fix |
---|---|---|
IBM StoredIQ | 7.6.0.17 | Upgrade to the latest fix pack, 7.6.0.17, and apply Interim Fix 7.6.0.17-IBMStoredIQ-LinuxX86_64-if001, which is available from Fix Central: <https://www.ibm.com/support/fixcentral/> |
None