CVE-2019-4234

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/159416	VDB Entry Vendor Advisory
https://www-01.ibm.com/support/docview.wss?uid=ibm10885602	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/159416	VDB Entry Vendor Advisory
https://www-01.ibm.com/support/docview.wss?uid=ibm10885602	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-26 15:15

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4234

Mitre link : CVE-2019-4234

CVE.ORG link : CVE-2019-4234

JSON object : View

Products Affected

ibm

pureapplication_system

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-4234", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-06-26T15:15:10.043", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."}, {"lang": "es", "value": "IBM PureApplication System de la versi\u00f3n 2.2.3.0 a 2.2.5.3 debilidad en la implementaci\u00f3n de la funci\u00f3n de bloqueo en el editor de patrones. Un atacante interceptando las solicitudes subsiguientes puede omitir la l\u00f3gica de negocios para modificar el patr\u00f3n al estado desbloqueado. ID de IBM X-Force: 159416."}], "lastModified": "2024-11-21T04:43:21.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AFAF27C-B716-404D-91DB-431F747EF289", "versionEndIncluding": "2.2.5.3", "versionStartIncluding": "2.2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}