Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0116
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct for UNIX versions 6.0.x antérieures à 6.0.0.2.iFix145 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct for UNIX versions 6.2.x antérieures à 6.2.0.5.iFix021 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct for UNIX versions 4.3.x antérieures à 4.3.0.1.iFix109 | ||
| IBM | Sterling | IBM Sterling B2B Integrator version 6.1.0.0 à 6.1.2.0 antérieures à 6.1.2.1 | ||
| IBM | Sterling | IBM Sterling B2B Integrator version 6.0.0.0 à 6.0.3.7 antérieures à 6.0.3.8 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct for UNIX versions 6.1.x antérieures à 6.1.0.4.iFix077 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct for UNIX versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix145",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct for UNIX versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5.iFix021",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct for UNIX versions 4.3.x ant\u00e9rieures \u00e0 4.3.0.1.iFix109",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator version 6.1.0.0 \u00e0 6.1.2.0 ant\u00e9rieures \u00e0 6.1.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator version 6.0.0.0 \u00e0 6.0.3.7 ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct for UNIX versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.4.iFix077",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38875"
},
{
"name": "CVE-2022-31772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31772"
},
{
"name": "CVE-2019-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
},
{
"name": "CVE-2019-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4465"
},
{
"name": "CVE-2020-4320",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
},
{
"name": "CVE-2019-4049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
},
{
"name": "CVE-2019-4277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4277"
},
{
"name": "CVE-2021-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
},
{
"name": "CVE-2020-4319",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4319"
},
{
"name": "CVE-2019-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
},
{
"name": "CVE-2022-40231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40231"
},
{
"name": "CVE-2020-4682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
},
{
"name": "CVE-2022-40232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40232"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2020-4375",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4375"
},
{
"name": "CVE-2020-4267",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4267"
},
{
"name": "CVE-2023-23477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
},
{
"name": "CVE-2019-4614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
},
{
"name": "CVE-2019-4762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
},
{
"name": "CVE-2021-29843",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29843"
},
{
"name": "CVE-2019-4655",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
},
{
"name": "CVE-2020-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
},
{
"name": "CVE-2019-4656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2022-22970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2019-4560",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4560"
},
{
"name": "CVE-2022-43579",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43579"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2019-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
},
{
"name": "CVE-2019-4261",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
},
{
"name": "CVE-2019-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2020-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4465"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954465"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954471"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954453"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954469"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954467"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
"url": "https://www.ibm.com/support/pages/node/6954727"
}
],
"reference": "CERTFR-2023-AVI-0116",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code\nindirecte \u00e0 distance (XSS) et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954763 du 10 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954453 du 09 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954767 du 10 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954771 du 10 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954469 du 09 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954765 du 10 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954471 du 09 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954727 du 10 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954467 du 09 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6954465 du 09 f\u00e9vrier 2023",
"url": null
}
]
}
CVE-2019-12415 (GCVE-0-2019-12415)
Vulnerability from cvelistv5 – Published: 2019-10-23 19:27 – Updated: 2024-08-04 23:17
VLAI
EPSS
Summary
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/2ac0327748de… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/895164e03a3c… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/d88b88238670… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r204ba2a9ea7… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/13a54b6a0336… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Apache POI |
Affected:
Apache POI up to 4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache POI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache POI up to 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:23.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache POI",
"version": {
"version_data": [
{
"version_value": "Apache POI up to 4.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E"
},
{
"name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12415",
"datePublished": "2019-10-23T19:27:20.000Z",
"dateReserved": "2019-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:17:40.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4049 (GCVE-0-2019-4049)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 03:47
VLAI
EPSS
Summary
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870490 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
Date Public
2019-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490"
},
{
"name": "ibm-websphere-cve20194049-dos (156398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
}
]
}
],
"datePublic": "2019-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/I:N/UI:N/AV:L/S:U/AC:L/A:H/C:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490"
},
{
"name": "ibm-websphere-cve20194049-dos (156398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-05T00:00:00",
"ID": "CVE-2019-4049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870490",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 870490 (MQ)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870490"
},
{
"name": "ibm-websphere-cve20194049-dos (156398)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4049",
"datePublished": "2019-08-20T18:25:26.381Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:47:44.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4055 (GCVE-0-2019-4055)
Vulnerability from cvelistv5 – Published: 2019-04-19 16:20 – Updated: 2024-09-17 04:14
VLAI
EPSS
Summary
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564.
Severity
CWE
- Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10870484 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/108027 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1.0.0 Affected: 9.1.0.1 Affected: 9.1.1 |
Date Public
2019-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
},
{
"name": "ibm-websphere-cve20194055-dos (156564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
},
{
"name": "108027",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
}
]
}
],
"datePublic": "2019-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/I:N/C:N/AV:N/A:H/UI:N/PR:N/S:U/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-23T07:06:04.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
},
{
"name": "ibm-websphere-cve20194055-dos (156564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
},
{
"name": "108027",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-04-16T00:00:00",
"ID": "CVE-2019-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10870484",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 870484 (MQ)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10870484"
},
{
"name": "ibm-websphere-cve20194055-dos (156564)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156564"
},
{
"name": "108027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4055",
"datePublished": "2019-04-19T16:20:15.989Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:14:16.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4261 (GCVE-0-2019-4261)
Vulnerability from cvelistv5 – Published: 2019-08-05 13:40 – Updated: 2024-09-17 03:43
VLAI
EPSS
Summary
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10886887 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1.0.0 Affected: 9.1.0.1 Affected: 9.1.1 Affected: 9.1.0.2 Affected: 9.1.2 Affected: 8.0.0.11 Affected: 9.0.0.6 |
Date Public
2019-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887"
},
{
"name": "ibm-mq-cve20194261-dos (160013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "9.0.0.6"
}
]
}
],
"datePublic": "2019-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/A:L/C:N/I:N/AC:L/AV:N/S:U/PR:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T13:40:15.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887"
},
{
"name": "ibm-mq-cve20194261-dos (160013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-01T00:00:00",
"ID": "CVE-2019-4261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10886887",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 886887 (MQ)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10886887"
},
{
"name": "ibm-mq-cve20194261-dos (160013)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4261",
"datePublished": "2019-08-05T13:40:15.514Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:43.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4378 (GCVE-0-2019-4378)
Vulnerability from cvelistv5 – Published: 2019-09-26 15:05 – Updated: 2024-09-17 02:32
VLAI
EPSS
Summary
IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportcontent.ibm.com/support/pages/node… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.5.0.6 Affected: 7.5.0.7 Affected: 7.5.0.8 Affected: 8.0.0.8 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.1.0.4 Affected: 7.1.0.5 Affected: 7.1.0.6 Affected: 7.1.0.7 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1.0.0 Affected: 9.1.0.1 Affected: 9.1.1 Affected: 9.1.0.2 Affected: 9.1.2 Affected: 8.0.0.11 Affected: 9.0.0.6 Affected: 7.1.0.0 Affected: 7.1.0.8 Affected: 7.1.0.9 Affected: 7.5.0.0 Affected: 7.5.0.9 Affected: 8.0.0.12 |
Date Public
2019-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcontent.ibm.com/support/pages/node/886885"
},
{
"name": "ibm-mq-cve20194378-dos (162084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.5.0.6"
},
{
"status": "affected",
"version": "7.5.0.7"
},
{
"status": "affected",
"version": "7.5.0.8"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.1.0.4"
},
{
"status": "affected",
"version": "7.1.0.5"
},
{
"status": "affected",
"version": "7.1.0.6"
},
{
"status": "affected",
"version": "7.1.0.7"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.0.8"
},
{
"status": "affected",
"version": "7.1.0.9"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.9"
},
{
"status": "affected",
"version": "8.0.0.12"
}
]
}
],
"datePublic": "2019-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/A:H/AC:H/S:U/UI:N/AV:N/I:N/PR:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:05:30.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcontent.ibm.com/support/pages/node/886885"
},
{
"name": "ibm-mq-cve20194378-dos (162084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-09-17T00:00:00",
"ID": "CVE-2019-4378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.5.0.6"
},
{
"version_value": "7.5.0.7"
},
{
"version_value": "7.5.0.8"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "7.1.0.1"
},
{
"version_value": "7.1.0.2"
},
{
"version_value": "7.1.0.3"
},
{
"version_value": "7.1.0.4"
},
{
"version_value": "7.1.0.5"
},
{
"version_value": "7.1.0.6"
},
{
"version_value": "7.1.0.7"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.0.8"
},
{
"version_value": "7.1.0.9"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.9"
},
{
"version_value": "8.0.0.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.ibm.com/support/pages/node/886885",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 886885 (MQ)",
"url": "https://supportcontent.ibm.com/support/pages/node/886885"
},
{
"name": "ibm-mq-cve20194378-dos (162084)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4378",
"datePublished": "2019-09-26T15:05:31.039Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:24.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4465 (GCVE-0-2019-4465)
Vulnerability from cvelistv5 – Published: 2019-12-03 14:55 – Updated: 2024-09-17 00:37
VLAI
EPSS
Summary
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1118487 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cloud Pak System |
Affected:
2.3
Affected: 2.2 |
Date Public
2019-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Pak System",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/UI:N/PR:N/A:N/S:U/AV:L/AC:L/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:55:23.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-02T00:00:00",
"ID": "CVE-2019-4465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak System",
"version": {
"version_data": [
{
"version_value": "2.3"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1118487",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1118487 (Cloud Pak System)",
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"name": "ibm-cps-cve20194465-info-disc (163774)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4465",
"datePublished": "2019-12-03T14:55:23.910Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:37:02.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4560 (GCVE-0-2019-4560)
Vulnerability from cvelistv5 – Published: 2019-12-16 15:45 – Updated: 2024-09-16 18:44
VLAI
EPSS
Summary
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1106037 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1.0.0 Affected: 9.1.0.1 Affected: 9.1.1 Affected: 9.1.0.2 Affected: 9.1.2 Affected: 8.0.0.11 Affected: 9.0.0.6 Affected: 8.0.0.12 Affected: 9.1.0.3 Affected: 9.1.3 Affected: 9.0.0.7 |
Date Public
2019-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1106037"
},
{
"name": "ibm-mq-cve20194560-dos (166357)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "9.1.0.3"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.0.0.7"
}
]
}
],
"datePublic": "2019-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/AC:H/S:U/UI:N/AV:N/PR:L/A:H/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-16T15:45:16.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1106037"
},
{
"name": "ibm-mq-cve20194560-dos (166357)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-12-13T00:00:00",
"ID": "CVE-2019-4560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "9.1.0.3"
},
{
"version_value": "9.1.3"
},
{
"version_value": "9.0.0.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1106037",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1106037 (MQ)",
"url": "https://www.ibm.com/support/pages/node/1106037"
},
{
"name": "ibm-mq-cve20194560-dos (166357)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166357"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4560",
"datePublished": "2019-12-16T15:45:16.251Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:44:07.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4614 (GCVE-0-2019-4614)
Vulnerability from cvelistv5 – Published: 2020-01-28 18:30 – Updated: 2024-09-17 04:19
VLAI
EPSS
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1106523 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1.0.0 Affected: 9.1.0.1 Affected: 9.1.1 Affected: 9.1.0.2 Affected: 9.1.2 Affected: 8.0.0.11 Affected: 9.0.0.6 Affected: 8.0.0.12 Affected: 9.1.0.3 Affected: 9.1.3 Affected: 9.0.0.7 Affected: 8.0.0.13 |
Date Public
2020-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1106523"
},
{
"name": "ibm-mq-cve20194614-dos (168639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1.0.0"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "9.1.0.3"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.0.0.7"
},
{
"status": "affected",
"version": "8.0.0.13"
}
]
}
],
"datePublic": "2020-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/C:N/AC:H/I:N/PR:L/UI:N/S:U/A:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T18:30:52.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1106523"
},
{
"name": "ibm-mq-cve20194614-dos (168639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-01-24T00:00:00",
"ID": "CVE-2019-4614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1.0.0"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "9.1.0.3"
},
{
"version_value": "9.1.3"
},
{
"version_value": "9.0.0.7"
},
{
"version_value": "8.0.0.13"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1106523",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1106523 (MQ)",
"url": "https://www.ibm.com/support/pages/node/1106523"
},
{
"name": "ibm-mq-cve20194614-dos (168639)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4614",
"datePublished": "2020-01-28T18:30:52.540Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:19:34.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4619 (GCVE-0-2019-4619)
Vulnerability from cvelistv5 – Published: 2020-03-16 15:25 – Updated: 2024-09-16 20:12
VLAI
EPSS
Summary
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/1135101 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.0.0.1
Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 9.0.0.2 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.5.0.6 Affected: 7.5.0.7 Affected: 7.5.0.8 Affected: 8.0.0.8 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.1.0.4 Affected: 7.1.0.5 Affected: 7.1.0.6 Affected: 7.1.0.7 Affected: 8.0.0.9 Affected: 9.0.0.3 Affected: 8.0.0.0 Affected: 8.0.0.10 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 9.0.0.5 Affected: 9.1 Affected: 9.1.0.1 Affected: 9.1.1 Affected: 9.1.0.2 Affected: 9.1.2 Affected: 8.0.0.11 Affected: 9.0.0.6 Affected: 7.1.0.0 Affected: 7.1.0.8 Affected: 7.1.0.9 Affected: 7.5.0.0 Affected: 7.5.0.9 Affected: 8.0.0.12 Affected: 9.1.0.3 Affected: 9.1.3 Affected: 9.0.0.7 Affected: 8.0.0.13 Affected: 9.0.0.8 |
Date Public
2020-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1135101"
},
{
"name": "ibm-mq-cve20194619-info-disc (168862)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.5.0.6"
},
{
"status": "affected",
"version": "7.5.0.7"
},
{
"status": "affected",
"version": "7.5.0.8"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.1.0.4"
},
{
"status": "affected",
"version": "7.1.0.5"
},
{
"status": "affected",
"version": "7.1.0.6"
},
{
"status": "affected",
"version": "7.1.0.7"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1.0.1"
},
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.0.2"
},
{
"status": "affected",
"version": "9.1.2"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "9.0.0.6"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.0.8"
},
{
"status": "affected",
"version": "7.1.0.9"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.9"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "9.1.0.3"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.0.0.7"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "9.0.0.8"
}
]
}
],
"datePublic": "2020-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/AV:L/AC:H/A:N/I:N/UI:N/S:U/C:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:25:19.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1135101"
},
{
"name": "ibm-mq-cve20194619-info-disc (168862)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-03-13T00:00:00",
"ID": "CVE-2019-4619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.5.0.6"
},
{
"version_value": "7.5.0.7"
},
{
"version_value": "7.5.0.8"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "7.1.0.1"
},
{
"version_value": "7.1.0.2"
},
{
"version_value": "7.1.0.3"
},
{
"version_value": "7.1.0.4"
},
{
"version_value": "7.1.0.5"
},
{
"version_value": "7.1.0.6"
},
{
"version_value": "7.1.0.7"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.1"
},
{
"version_value": "9.1.0.1"
},
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.0.2"
},
{
"version_value": "9.1.2"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "9.0.0.6"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.0.8"
},
{
"version_value": "7.1.0.9"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.9"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "9.1.0.3"
},
{
"version_value": "9.1.3"
},
{
"version_value": "9.0.0.7"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "9.0.0.8"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1135101",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1135101 (MQ)",
"url": "https://www.ibm.com/support/pages/node/1135101"
},
{
"name": "ibm-mq-cve20194619-info-disc (168862)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168862"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4619",
"datePublished": "2020-03-16T15:25:20.026Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:12:49.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…