Skip to main content

Improper Privilege Management

CVE-2018-1368

Severity Medium
Score 4.4/10

Summary

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765.

  • LOW
  • LOCAL
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-269 - Improper Privilege Management

An effective privilege management infrastructure provides valid users with required access and privileges across heterogeneous technology environments. An application with a faulty privilege management infrastructure allows higher than authorized privileges or enables privilege escalation. This can lead to security incidents such as system infiltration, data breach, and complete system takeover.

References

Advisory Timeline

  • Published