Vulnerability Details : CVE-2018-1368
IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765.
Products affected by CVE-2018-1368
- cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1368
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST | |
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.8
|
2.5
|
NIST |
CWE ids for CVE-2018-1368
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1368
-
http://www.securitytracker.com/id/1040349
IBM Security Guardium Database Activity Monitor Unspecified Bug Lets Local Users Perform Some Administrative Actions to Access Reports and Modify Configuration Data - SecurityTrackerThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/137765
IBM Security Guardium Database Activity Monitor information disclosure CVE-2018-1368 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=swg22013302
IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Insufficient Authorization Checks vulnerability (CVE-2018-1368 )Patch;Vendor Advisory
Jump to