CVE-2019-4234
4.3
CVSS:3.0/C:N/AV:N/S:U/PR:L/A:N/AC:L/I:L/UI:N/RC:C/E:U/RL:O
Summary
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | PureApplication System | 2.2.3.0 | affected |
| IBM | PureApplication System | 2.2.3.1 | affected |
| IBM | PureApplication System | 2.2.3.2 | affected |
| IBM | PureApplication System | 2.2.4.0 | affected |
| IBM | PureApplication System | 2.2.5.0 | affected |
| IBM | PureApplication System | 2.2.5.1 | affected |
| IBM | PureApplication System | 2.2.5.2 | affected |
| IBM | PureApplication System | 2.2.5.3 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www-01.ibm.com/support/docview.wss?uid=ibm10885602
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159416
References
- https://www-01.ibm.com/support/docview.wss?uid=ibm10885602
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159416
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.