Main Vulnerability Database SB2018072701

SB2018072701 - Security restrictions bypass in IBM Security Identity Manager Virtual Appliance

Published: July 27, 2018

Security Bulletin ID SB2018072701

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Unrestricted upload of file with dangerous type (CVE-ID: CVE-2018-1453)

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote authenticated attacker to bypass security restrictions and upload files to the target system.

The vulnerability exists in IBM Security Identity Manager Virtual Appliance due to unspecified flaw. A remote attacker can upload files with potentially dangerous file types to the target system that may be automatically processed on the target system.

Remediation

Install update from vendor's website.

References

http://www-01.ibm.com/support/docview.wss?uid=ibm10717957