What is CVE-2018-1380?

CVE-2018-1380 is a vulnerability in IBM InfoSphere Master Data Management Collaboration Server that allows an authenticated user to change their ca-id to another user and read sensitive information.

What is the severity of CVE-2018-1380?

The severity of CVE-2018-1380 is rated as medium with a severity value of 4.9.

How can an attacker exploit CVE-2018-1380?

An attacker can exploit CVE-2018-1380 by impersonating another user and changing their ca-id, allowing them to access sensitive information.

Is there a fix available for CVE-2018-1380?

Yes, IBM has released a security bulletin providing more information on how to mitigate this vulnerability.

Vulnerability/
CVE-2018-1380

medium

4.9

CWE

200

29/10/2018

17/9/2024

CVE-2018-1380: Infoleak

First published: Mon Oct 29 2018(Updated: )

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM InfoSphere Master Data Management	=11.4
IBM InfoSphere Master Data Management	=11.5
IBM InfoSphere Master Data Management	=11.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-1380?
CVE-2018-1380 is a vulnerability in IBM InfoSphere Master Data Management Collaboration Server that allows an authenticated user to change their ca-id to another user and read sensitive information.
What is the severity of CVE-2018-1380?
The severity of CVE-2018-1380 is rated as medium with a severity value of 4.9.
How does CVE-2018-1380 affect IBM InfoSphere Master Data Management Collaboration Server?
CVE-2018-1380 affects IBM InfoSphere Master Data Management Collaboration Server versions 11.4, 11.5, and 11.6.
How can an attacker exploit CVE-2018-1380?
An attacker can exploit CVE-2018-1380 by impersonating another user and changing their ca-id, allowing them to access sensitive information.
Is there a fix available for CVE-2018-1380?
Yes, IBM has released a security bulletin providing more information on how to mitigate this vulnerability.

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/softwarecombine
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/ibm
canonical/ibm infosphere master data management
version/ibm infosphere master data management/11.4
version/ibm infosphere master data management/11.5
version/ibm infosphere master data management/11.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.