CVE-2018-1380

Published: Oct 29, 2018Modified: Nov 21, 2024

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.

Affected (3)

Products: Ibm: Infosphere Master Data Management

Ibm

1 product

Infosphere Master Data Management

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management	Version 11.4
Ibm Infosphere Master Data Management	Version 11.5
Ibm Infosphere Master Data Management	Version 11.6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/138077

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10735411

Source: psirt@us.ibm.com

MitigationVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/138077

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10735411

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.