Improper Authorization in IBM StoredIQ 7.6.0 Allows Low Privileged User Access to High Privileged User Endpoints
CVE-2018-1928 · LOW Severity
AV:L/AC:L/AU:N/C:N/I:P/A:N
IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119.
Learn more about our User Device Pen Test.