EIQ-2018-0015



ID

EIQ-2018-0015

(Former ref.: 19230)

CVE

-

Description

Access TAXII poll configuration without permission

Date

-

Severity

2 - MEDIUM

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.4.0

Assessment

Users with the modify poll-services permission and without the read poll-services permission can access the TAXII poll configuration through the GUI by selecting > STIX and TAXII > TAXII.

Mitigation

To prevent users from accessing the TAXII poll configuration, ensure they do not have both the modify poll-services and the read poll-services permissions.

Affected versions

2.0.0 to 2.3.4 included.

Notes

-

< Back to all security issues and mitigation actions