CVE-2018-1420
5.3
CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | WebSphere Portal | 7.0 | affected |
| IBM | WebSphere Portal | 8.0 | affected |
| IBM | WebSphere Portal | 8.5 | affected |
| IBM | WebSphere Portal | 9.0 | affected |
Weaknesses
- Data Manipulation
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
- https://www.ibm.com/support/docview.wss?uid=swg22014276
- http://www.securitytracker.com/id/1041767
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
- https://www.ibm.com/support/docview.wss?uid=swg22014276
- http://www.securitytracker.com/id/1041767
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.