Incorrect permission assignment for critical resource in WebSphere Portal - CVE-2018-1420

 


Published: October 1, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36597
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1420
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out-of-the-box configuration during Combined Cumulative Fix (CF) installation. This can lead to security misconfiguration of the installation. IBM X-Force ID: 138950.


How to mitigate CVE-2018-1420

Install the update from the vendor's website.
