IBM WebSphere Portal CVE-2018-1672 Security Bypass Vulnerability

Bugtraq ID:	106555
Class:	Access Validation Error
CVE:	CVE-2018-1672
Remote:	Yes
Local:	No
Published:	Sep 25 2018 12:00AM
Updated:	Sep 25 2018 12:00AM
Credit:	IBM
Vulnerable:	IBM Websphere Portal 9.0.0.0 CF15 IBM Websphere Portal 9.0.0.0 CF14 IBM Websphere Portal 9.0.0.0 IBM Websphere Portal 8.5.0.0 CF15 IBM Websphere Portal 8.5.0.0 CF14 IBM Websphere Portal 8.5.0.0 CF11 IBM Websphere Portal 8.5.0.0 CF09 IBM Websphere Portal 8.5.0.0 CF08 IBM Websphere Portal 8.5.0.0 CF06 IBM Websphere Portal 8.5.0.0 IBM Websphere Portal 8.0.0.1 CF23 IBM Websphere Portal 8.0.0.1 CF22 IBM Websphere Portal 8.0.0.1 CF21 IBM Websphere Portal 8.0.0.1 CF20 IBM Websphere Portal 8.0.0.1 CF19 IBM Websphere Portal 8.0.0.1 CF18 IBM Websphere Portal 8.0.0.1 CF17 IBM Websphere Portal 8.0.0.1 CF16 IBM Websphere Portal 8.0.0.1 CF15 IBM Websphere Portal 8.0.0.1 CF14 IBM Websphere Portal 8.0.0.1 CF13 IBM Websphere Portal 8.0.0.1 CF12 IBM Websphere Portal 8.0.0.1 CF11 IBM Websphere Portal 8.0.0.1 CF09 IBM Websphere Portal 8.0.0.1 Cf08 IBM Websphere Portal 8.0.0.1 Cf07 IBM Websphere Portal 8.0.0.1 Cf06 IBM Websphere Portal 8.0.0.1 Cf05 IBM Websphere Portal 8.0.0.1 Cf04 IBM Websphere Portal 8.0.0.0 IBM Websphere Portal 7.0.0.2 CF30 IBM Websphere Portal 7.0.0.2 CF29 IBM Websphere Portal 7.0.0.2 CF28 IBM Websphere Portal 7.0.0.2 CF27 IBM Websphere Portal 7.0.0.2 Cf26 IBM Websphere Portal 7.0.0.2 Cf25 IBM Websphere Portal 7.0.0.2 Cf24 IBM Websphere Portal 7.0.0.2 Cf23 IBM Websphere Portal 7.0.0.0
Not Vulnerable:

IBM WebSphere Portal CVE-2018-1672 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM WebSphere Portal CVE-2018-1672 Security Bypass Vulnerability

References:

• IBM Homepage (IBM)
  
• ibm10716981: Impersonation Issue Affects IBM WebSphere Portal (CVE-2018-1672) (IBM)