Improper Authentication in WebSphere Portal - CVE-2018-1672

 

Published: October 1, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36598
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1672
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.


How to mitigate CVE-2018-1672

Install the update from the vendor's website.
