Main Vulnerability Database Vulnerabilities #VU14519

Command injection in IBM Security Verify Access - CVE-2018-1722

Published: August 23, 2018 / Updated: August 24, 2018

Vulnerability identifier: #VU14519

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1722

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Verify Access

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists on the systems with Advanced Access Control or Federation services running due to command injection when processing user-supplied input. A remote attacker can inject malicious commands and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-1722

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=ibm10719623

Command injection in IBM Security Verify Access - CVE-2018-1722

Detailed vulnerability description

How to mitigate CVE-2018-1722

Sources

Please verify you're human