Improper Authorization in IBM StoredIQ 7.6.0 Allows Low Privileged User Access to High Privileged User Endpoints

Improper Authorization in IBM StoredIQ 7.6.0 Allows Low Privileged User Access to High Privileged User Endpoints

CVE-2018-1928 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.

Learn more about our User Device Pen Test.