Skip to main content

Security Key Lifecycle Manager CVE-2018-1750

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2018-10-08 psirt@us.ibm.com
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 08, 2018 - 15:29 nvd
HIGH 8.1

DescriptionNVD

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.

AnalysisAI

IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511. Affected products include: Ibm Security Key Lifecycle Manager.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2016-6095 CRITICAL
9.8 Feb 02

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attack

CVE-2016-6093 CRITICAL
9.8 Jun 08

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it eas

CVE-2023-25684 CRITICAL
9.8 Mar 21

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critic

CVE-2020-4567 CRITICAL
9.8 Jul 29

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote atta

CVE-2018-1742 CRITICAL
9.3 Oct 08

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic

CVE-2016-6103 HIGH
8.8 Feb 02

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2023-25924 HIGH
8.8 Mar 22

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform

CVE-2016-6105 HIGH
8.2 Feb 01

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functiona

CVE-2016-6098 HIGH
8.1 Jun 08

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way tha

CVE-2016-6104 HIGH
7.2 Feb 07

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the imp

CVE-2023-25923 HIGH
7.5 Mar 21

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that

CVE-2021-38984 HIGH
7.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could

Share

CVE-2018-1750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy