IBM WebSphere Portal Security Bypass Vulnerability (CVE-2018-1672)
Medium Nessus Plugin ID 128997
SynopsisThe web portal application installed on remote Windows host is affected by a security bypass vulnerability.
DescriptionThe version of IBM WebSphere Portal installed on the remote Windows host is affected by a security bypass vulnerability due to improper validaiton of user context during impersionation senarios. An authenticated, remote attacker can exploit this, to perform actions in the user or administrator interface with the privileges of another user.
SolutionApply the appropriate fixes according to the vendor advisory.