Vulnerability Details CVE-2018-1420
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 4.0
References
- http://www.securitytracker.com/id/1041767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
- https://www.ibm.com/support/docview.wss?uid=swg22014276
- http://www.securitytracker.com/id/1041767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
- https://www.ibm.com/support/docview.wss?uid=swg22014276
Products affected by CVE-2018-1420
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.0
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.1
-
cpe:2.3:a:ibm:websphere_portal:7.0.0.2
-
cpe:2.3:a:ibm:websphere_portal:8.0.0.0
-
cpe:2.3:a:ibm:websphere_portal:8.0.0.1
-
cpe:2.3:a:ibm:websphere_portal:8.5.0.0
-
cpe:2.3:a:ibm:websphere_portal:9.0.0.0