EIQ-2018-0015
ID |
EIQ-2018-0015 (Former ref.: 19230) |
CVE |
- |
Description |
Access TAXII poll configuration without permission |
Date |
- |
Severity |
2 - MEDIUM |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
2.4.0 |
Assessment |
Users with the modify poll-services permission and without the read poll-services permission can access the TAXII poll configuration through the GUI by selecting > STIX and TAXII > TAXII. |
Mitigation |
To prevent users from accessing the TAXII poll configuration, ensure they do not have both the modify poll-services and the read poll-services permissions. |
Affected versions |
2.0.0 to 2.3.4 included. |
Notes |
- |