Vulnerability CVE-2018-1383


Published: 2018-02-13

Description:
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

Type:

CWE-284

(Improper Access Control)

Vendor: IBM
Product: AIX 
Version:
7.2.2
7.2.1
7.2
7.1.5
7.1.4
7.1.3
7.1.2
7.1.1
7.1
6.1.9
6.1.8
6.1.7
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026948
http://www.securityfocus.com/bid/102989
http://www.securitytracker.com/id/1040358
https://exchange.xforce.ibmcloud.com/vulnerabilities/138117

Related CVE
CVE-2019-4008
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVE-2018-1666
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be display...
CVE-2019-4038
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IB...
CVE-2018-1962
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-For...
CVE-2018-1801
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XX...
CVE-2018-1675
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110.
CVE-2019-4040
IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2018-1976
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

Copyright 2019, cxsecurity.com

 

Back to Top