EIQ-2018-0015
|
ID |
EIQ-2018-0015 (Former ref.: 19230) |
|
CVE |
- |
|
Description |
Access TAXII poll configuration without permission |
|
Date |
- |
|
Severity |
2 - MEDIUM |
|
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
|
Status |
|
|
Assessment |
Users with the modify poll-services permission and without the read poll-services permission can access the TAXII poll configuration through the GUI by selecting > STIX and TAXII > TAXII. |
|
Mitigation |
To prevent users from accessing the TAXII poll configuration, ensure they do not have both the modify poll-services and the read poll-services permissions. |
|
Affected versions |
2.0.0 to 2.3.4 included. |
|
Notes |
- |
2.4.0