CVE-2018-1420

Опубликовано: 01 окт. 2018

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

Ссылки

http://www.securitytracker.com/id/1041767
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg22014276
Patch
Vendor Advisory
http://www.securitytracker.com/id/1041767
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=swg22014276
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00157

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-xxr9-6j7m-9mvq

CVSS3: 6.5

github

около 3 лет назад

EPSS

Процентиль: 38%

0.00157

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732