CVE-2018-1420

Description

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

CVSS breakdown

CVSS 3.0

Availability

None

Attack Complexity

High

Attack Vector

Network

Confidentiality

None

Integrity

High

Privileges Required

Low

Scope

Unchanged

User Interaction

None

Unchanged

Changed

Affected products

ibm / WebSphere Portal7.0 – 7.0
ibm / WebSphere Portal8.0 – 8.0
ibm / WebSphere Portal8.5 – 8.5
ibm / WebSphere Portal9.0 – 9.0

References

MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/138950
MISChttps://www.ibm.com/support/docview.wss?uid=swg22014276
MISChttp://www.securitytracker.com/id/1041767