CVE-2018-1420

State: PUBLISHED · Published: 2018-10-01 · Updated: 2024-09-16 · Assigner: ibm

Description

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

CWE

(none)

Affected

IBM / WebSphere Portal — v=7.0 [affected]; v=8.0 [affected]; v=8.5 [affected]; v=9.0 [affected]

CVSS

3.0 score=5.3 severity=MEDIUM CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 vdb-entry, x_refsource_XF
https://www.ibm.com/support/docview.wss?uid=swg22014276 x_refsource_CONFIRM
http://www.securitytracker.com/id/1041767 vdb-entry, x_refsource_SECTRACK

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1420.json