Vulnerabilites related to IBM - PureApplication System
CVE-2019-4225 (GCVE-0-2019-4225)
Vulnerability from cvelistv5
Published
2019-06-26 14:35
Modified
2024-09-16 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | PureApplication System |
Version: 2.2.3.0 Version: 2.2.3.1 Version: 2.2.3.2 Version: 2.2.4.0 Version: 2.2.5.0 Version: 2.2.5.1 Version: 2.2.5.2 Version: 2.2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194225-info-disc (159242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PureApplication System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.4.0"
},
{
"status": "affected",
"version": "2.2.5.0"
},
{
"status": "affected",
"version": "2.2.5.1"
},
{
"status": "affected",
"version": "2.2.5.2"
},
{
"status": "affected",
"version": "2.2.5.3"
}
]
}
],
"datePublic": "2019-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/I:N/AC:L/A:N/S:U/PR:H/AV:L/C:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:35:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194225-info-disc (159242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194225-info-disc (159242)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4225",
"datePublished": "2019-06-26T14:35:17.957346Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:38:59.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4241 (GCVE-0-2019-4241)
Vulnerability from cvelistv5
Published
2019-06-26 14:35
Modified
2024-09-17 02:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Bypass Security
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | PureApplication System |
Version: 2.2.3.0 Version: 2.2.3.1 Version: 2.2.3.2 Version: 2.2.4.0 Version: 2.2.5.0 Version: 2.2.5.1 Version: 2.2.5.2 Version: 2.2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194241-auth-bypass (159467)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PureApplication System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.4.0"
},
{
"status": "affected",
"version": "2.2.5.0"
},
{
"status": "affected",
"version": "2.2.5.1"
},
{
"status": "affected",
"version": "2.2.5.2"
},
{
"status": "affected",
"version": "2.2.5.3"
}
]
}
],
"datePublic": "2019-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/AV:L/S:U/PR:N/A:H/AC:L/I:H/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194241-auth-bypass (159467)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194241-auth-bypass (159467)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4241",
"datePublished": "2019-06-26T14:35:18.087114Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:30.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4224 (GCVE-0-2019-4224)
Vulnerability from cvelistv5
Published
2019-06-26 14:35
Modified
2024-09-17 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Data Manipulation
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | PureApplication System |
Version: 2.2.3.0 Version: 2.2.3.1 Version: 2.2.3.2 Version: 2.2.4.0 Version: 2.2.5.0 Version: 2.2.5.1 Version: 2.2.5.2 Version: 2.2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194224-sql-injection (159240)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PureApplication System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.4.0"
},
{
"status": "affected",
"version": "2.2.5.0"
},
{
"status": "affected",
"version": "2.2.5.1"
},
{
"status": "affected",
"version": "2.2.5.2"
},
{
"status": "affected",
"version": "2.2.5.3"
}
]
}
],
"datePublic": "2019-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/S:U/PR:L/AV:N/C:L/UI:N/I:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:35:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194224-sql-injection (159240)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194224-sql-injection (159240)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4224",
"datePublished": "2019-06-26T14:35:17.856605Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:05:56.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4234 (GCVE-0-2019-4234)
Vulnerability from cvelistv5
Published
2019-06-26 14:35
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | PureApplication System |
Version: 2.2.3.0 Version: 2.2.3.1 Version: 2.2.3.2 Version: 2.2.4.0 Version: 2.2.5.0 Version: 2.2.5.1 Version: 2.2.5.2 Version: 2.2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:36.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194234-gain-access (159416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PureApplication System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.4.0"
},
{
"status": "affected",
"version": "2.2.5.0"
},
{
"status": "affected",
"version": "2.2.5.1"
},
{
"status": "affected",
"version": "2.2.5.2"
},
{
"status": "affected",
"version": "2.2.5.3"
}
]
}
],
"datePublic": "2019-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/AV:N/S:U/PR:L/A:N/AC:L/I:L/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:35:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194234-gain-access (159416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194234-gain-access (159416)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4234",
"datePublished": "2019-06-26T14:35:18.000279Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:48:14.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4235 (GCVE-0-2019-4235)
Vulnerability from cvelistv5
Published
2019-06-26 14:35
Modified
2024-09-17 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | PureApplication System |
Version: 2.2.3.0 Version: 2.2.3.1 Version: 2.2.3.2 Version: 2.2.4.0 Version: 2.2.5.0 Version: 2.2.5.1 Version: 2.2.5.2 Version: 2.2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194235-info-disc (159417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PureApplication System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.3.1"
},
{
"status": "affected",
"version": "2.2.3.2"
},
{
"status": "affected",
"version": "2.2.4.0"
},
{
"status": "affected",
"version": "2.2.5.0"
},
{
"status": "affected",
"version": "2.2.5.1"
},
{
"status": "affected",
"version": "2.2.5.2"
},
{
"status": "affected",
"version": "2.2.5.3"
}
]
}
],
"datePublic": "2019-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/I:N/UI:N/C:H/AV:N/S:U/PR:N/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194235-info-disc (159417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-31T00:00:00",
"ID": "CVE-2019-4235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PureApplication System",
"version": {
"version_data": [
{
"version_value": "2.2.3.0"
},
{
"version_value": "2.2.3.1"
},
{
"version_value": "2.2.3.2"
},
{
"version_value": "2.2.4.0"
},
{
"version_value": "2.2.5.0"
},
{
"version_value": "2.2.5.1"
},
{
"version_value": "2.2.5.2"
},
{
"version_value": "2.2.5.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 885602 (PureApplication System)",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"
},
{
"name": "ibm-pure-cve20194235-info-disc (159417)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4235",
"datePublished": "2019-06-26T14:35:18.043161Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:56:55.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}