IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333.
Weakness
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Security_information_queue | Ibm | 1.0.0 (including) | 1.0.0 (including) |
| Security_information_queue | Ibm | 1.0.1 (including) | 1.0.1 (including) |
| Security_information_queue | Ibm | 1.0.2 (including) | 1.0.2 (including) |
| Security_information_queue | Ibm | 1.0.3 (including) | 1.0.3 (including) |
| Security_information_queue | Ibm | 1.0.4 (including) | 1.0.4 (including) |
| Security_information_queue | Ibm | 1.0.5 (including) | 1.0.5 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/459.html
- https://cwe.mitre.org/data/definitions/461.html
- https://cwe.mitre.org/data/definitions/473.html
- https://cwe.mitre.org/data/definitions/476.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/667.html
- https://cwe.mitre.org/data/definitions/94.html