Vulnerability-Lookup

CVE-2019-4397 (GCVE-0-2019-4397)

Vulnerability from cvelistv5 – Published: 2019-10-24 12:00 – Updated: 2024-09-17 01:01

Summary

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AC:H/UI:N/S:U/PR:L/C:H/A:N/I:N/AV:N/RL:O/RC:C/E:U

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1077147	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Cloud Orchestrator	Affected: 2.4 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 Affected: 2.4.0.4 Affected: 2.5.0.3 Affected: 2.5.0.4 Affected: 2.4.0.5 Affected: 2.5.0.5 Affected: 2.5.0.6 Affected: 2.5.0.7 Affected: 2.5.0.8 Affected: 2.5.0.9

Date Public ?

2019-10-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1077147"
          },
          {
            "name": "ibm-co-cve20194397-info-disc (162239)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud Orchestrator",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.4.0.1"
            },
            {
              "status": "affected",
              "version": "2.4.0.2"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.5.0.1"
            },
            {
              "status": "affected",
              "version": "2.4.0.3"
            },
            {
              "status": "affected",
              "version": "2.5.0.2"
            },
            {
              "status": "affected",
              "version": "2.4.0.4"
            },
            {
              "status": "affected",
              "version": "2.5.0.3"
            },
            {
              "status": "affected",
              "version": "2.5.0.4"
            },
            {
              "status": "affected",
              "version": "2.4.0.5"
            },
            {
              "status": "affected",
              "version": "2.5.0.5"
            },
            {
              "status": "affected",
              "version": "2.5.0.6"
            },
            {
              "status": "affected",
              "version": "2.5.0.7"
            },
            {
              "status": "affected",
              "version": "2.5.0.8"
            },
            {
              "status": "affected",
              "version": "2.5.0.9"
            }
          ]
        }
      ],
      "datePublic": "2019-10-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:H/UI:N/S:U/PR:L/C:H/A:N/I:N/AV:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-24T12:00:37.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1077147"
        },
        {
          "name": "ibm-co-cve20194397-info-disc (162239)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-23T00:00:00",
          "ID": "CVE-2019-4397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud Orchestrator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.4"
                          },
                          {
                            "version_value": "2.4.0.1"
                          },
                          {
                            "version_value": "2.4.0.2"
                          },
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "2.5.0.1"
                          },
                          {
                            "version_value": "2.4.0.3"
                          },
                          {
                            "version_value": "2.5.0.2"
                          },
                          {
                            "version_value": "2.4.0.4"
                          },
                          {
                            "version_value": "2.5.0.3"
                          },
                          {
                            "version_value": "2.5.0.4"
                          },
                          {
                            "version_value": "2.4.0.5"
                          },
                          {
                            "version_value": "2.5.0.5"
                          },
                          {
                            "version_value": "2.5.0.6"
                          },
                          {
                            "version_value": "2.5.0.7"
                          },
                          {
                            "version_value": "2.5.0.8"
                          },
                          {
                            "version_value": "2.5.0.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1077147",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1077147 (Cloud Orchestrator)",
              "url": "https://www.ibm.com/support/pages/node/1077147"
            },
            {
              "name": "ibm-co-cve20194397-info-disc (162239)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4397",
    "datePublished": "2019-10-24T12:00:37.660Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:01:14.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-4397",
      "date": "2026-04-25",
      "epss": "0.00245",
      "percentile": "0.47804"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4\", \"versionEndIncluding\": \"2.4.0.5\", \"matchCriteriaId\": \"89A49276-4EDB-46EA-B8B0-95CE5363B76F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.5.0.9\", \"matchCriteriaId\": \"923A97A8-252D-4DCE-877A-08E2D396A853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4\", \"versionEndIncluding\": \"2.4.0.5\", \"matchCriteriaId\": \"F5DB9235-76C6-494E-B904-A53B818BD575\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5\", \"versionEndIncluding\": \"2.5.0.9\", \"matchCriteriaId\": \"180772FD-F4CE-4A77-B86A-9A293963B23B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239\"}, {\"lang\": \"es\", \"value\": \"IBM Cloud Orchestrator e IBM Cloud Orchestrator Enterprise versiones 2.5 hasta 2.5.0.9 y 2.4 hasta 2.4.0.5, almacenan informaci\\u00f3n confidencial en par\\u00e1metros de la URL. Esto puede conllevar a una divulgaci\\u00f3n de informaci\\u00f3n si las partes no autorizadas tienen acceso a las URL por medio de los registros del servidor, encabezado de referencia o historial del navegador. ID de IBM X-Force: 162239\"}]",
      "id": "CVE-2019-4397",
      "lastModified": "2024-11-21T04:43:33.437",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-24T12:15:11.697",
      "references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/162239\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/1077147\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/162239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/1077147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-4397\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2019-10-24T12:15:11.697\",\"lastModified\":\"2024-11-21T04:43:33.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239\"},{\"lang\":\"es\",\"value\":\"IBM Cloud Orchestrator e IBM Cloud Orchestrator Enterprise versiones 2.5 hasta 2.5.0.9 y 2.4 hasta 2.4.0.5, almacenan informaci\u00f3n confidencial en par\u00e1metros de la URL. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n si las partes no autorizadas tienen acceso a las URL por medio de los registros del servidor, encabezado de referencia o historial del navegador. ID de IBM X-Force: 162239\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndIncluding\":\"2.4.0.5\",\"matchCriteriaId\":\"89A49276-4EDB-46EA-B8B0-95CE5363B76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.5.0.9\",\"matchCriteriaId\":\"923A97A8-252D-4DCE-877A-08E2D396A853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndIncluding\":\"2.4.0.5\",\"matchCriteriaId\":\"F5DB9235-76C6-494E-B904-A53B818BD575\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5\",\"versionEndIncluding\":\"2.5.0.9\",\"matchCriteriaId\":\"180772FD-F4CE-4A77-B86A-9A293963B23B\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/162239\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/1077147\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/162239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/1077147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-FV6Q-CPFX-7RJ8

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:34

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-4397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-24T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239",
  "id": "GHSA-fv6q-cpfx-7rj8",
  "modified": "2024-04-04T02:34:19Z",
  "published": "2022-05-24T16:59:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4397"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/1077147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-4397

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-4397

Aliases

CVE-2019-4397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-4397",
    "description": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239",
    "id": "GSD-2019-4397"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-4397"
      ],
      "details": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239",
      "id": "GSD-2019-4397",
      "modified": "2023-12-13T01:23:41.968778Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2019-10-23T00:00:00",
        "ID": "CVE-2019-4397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cloud Orchestrator",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.4"
                        },
                        {
                          "version_value": "2.4.0.1"
                        },
                        {
                          "version_value": "2.4.0.2"
                        },
                        {
                          "version_value": "2.5"
                        },
                        {
                          "version_value": "2.5.0.1"
                        },
                        {
                          "version_value": "2.4.0.3"
                        },
                        {
                          "version_value": "2.5.0.2"
                        },
                        {
                          "version_value": "2.4.0.4"
                        },
                        {
                          "version_value": "2.5.0.3"
                        },
                        {
                          "version_value": "2.5.0.4"
                        },
                        {
                          "version_value": "2.4.0.5"
                        },
                        {
                          "version_value": "2.5.0.5"
                        },
                        {
                          "version_value": "2.5.0.6"
                        },
                        {
                          "version_value": "2.5.0.7"
                        },
                        {
                          "version_value": "2.5.0.8"
                        },
                        {
                          "version_value": "2.5.0.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "H",
            "AV": "N",
            "C": "H",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "5.300",
            "UI": "N"
          },
          "TM": {
            "E": "U",
            "RC": "C",
            "RL": "O"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Obtain Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/1077147",
            "refsource": "CONFIRM",
            "title": "IBM Security Bulletin 1077147 (Cloud Orchestrator)",
            "url": "https://www.ibm.com/support/pages/node/1077147"
          },
          {
            "name": "ibm-co-cve20194397-info-disc (162239)",
            "refsource": "XF",
            "title": "X-Force Vulnerability Report",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0.9",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0.9",
                "versionStartIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.0.5",
                "versionStartIncluding": "2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.0.5",
                "versionStartIncluding": "2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1077147",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/1077147"
            },
            {
              "name": "ibm-co-cve20194397-info-disc (162239)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-30T14:37Z",
      "publishedDate": "2019-10-24T12:15Z"
    }
  }
}

CNVD-2019-39203

Vulnerability from cnvd - Published: 2019-11-05

Title

IBM Cloud Orchestrator信息泄露漏洞（CNVD-2019-39203）

Description

IBM Cloud Orchestrator是美国IBM公司的一套为云管理解决方案。该方案提供扩展内部和外部部署云服务以及应用程序接口和工具扩展与现有环境集成等功能。 IBM Cloud Orchestrator中存在信息泄露漏洞，该漏洞源于程序将敏感信息存储在URL参数中。攻击者可利用该漏洞泄露信息。

Severity

中

Patch Name

IBM Cloud Orchestrator信息泄露漏洞（CNVD-2019-39203）

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/1077147

Reference

https://www.ibm.com/support/pages/node/1077147 https://exchange.xforce.ibmcloud.com/vulnerabilities/162239

Impacted products

Name
['IBM Cloud Orchestrator 2.5', 'IBM Cloud Orchestrator 2.4', 'IBM Cloud Orchestrator 2.4.0.2', 'IBM Cloud Orchestrator 2.4.0.3', 'IBM Cloud Orchestrator 2.5.0.2', 'IBM Cloud Orchestrator 2.5.0.3', 'IBM Cloud Orchestrator 2.4.0.4', 'IBM Cloud Orchestrator Enterprise 2.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.1', 'IBM Cloud Orchestrator Enterprise 2.5.0.2', 'IBM Cloud Orchestrator Enterprise 2.4', 'IBM Cloud Orchestrator Enterprise 2.4.0.1', 'IBM Cloud Orchestrator Enterprise 2.4.0.2', 'IBM Cloud Orchestrator Enterprise 2.4.0.3', 'IBM Cloud Orchestrator Enterprise 2.4.0.4', 'IBM Cloud Orchestrator 2.4.0.1', 'IBM Cloud Orchestrator 2.5.0.5', 'IBM Cloud Orchestrator 2.5.0.6', 'IBM Cloud Orchestrator 2.5.0.7', 'IBM Cloud Orchestrator 2.5.0.8', 'IBM Cloud Orchestrator 2.5.0.9', 'IBM Cloud Orchestrator 2.4.0.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.3', 'IBM Cloud Orchestrator Enterprise 2.5.0.4', 'IBM Cloud Orchestrator Enterprise 2.5.0.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.6', 'IBM Cloud Orchestrator Enterprise 2.5.0.7', 'IBM Cloud Orchestrator Enterprise 2.5.0.8', 'IBM Cloud Orchestrator Enterprise 2.5.0.9', 'IBM Cloud Orchestrator Enterprise 2.4.0.5', 'IBM Cloud Orchestrator 2.5.0.1', 'IBM Cloud Orchestrator 2.5.0.4']

Name

['IBM Cloud Orchestrator 2.5', 'IBM Cloud Orchestrator 2.4', 'IBM Cloud Orchestrator 2.4.0.2', 'IBM Cloud Orchestrator 2.4.0.3', 'IBM Cloud Orchestrator 2.5.0.2', 'IBM Cloud Orchestrator 2.5.0.3', 'IBM Cloud Orchestrator 2.4.0.4', 'IBM Cloud Orchestrator Enterprise 2.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.1', 'IBM Cloud Orchestrator Enterprise 2.5.0.2', 'IBM Cloud Orchestrator Enterprise 2.4', 'IBM Cloud Orchestrator Enterprise 2.4.0.1', 'IBM Cloud Orchestrator Enterprise 2.4.0.2', 'IBM Cloud Orchestrator Enterprise 2.4.0.3', 'IBM Cloud Orchestrator Enterprise 2.4.0.4', 'IBM Cloud Orchestrator 2.4.0.1', 'IBM Cloud Orchestrator 2.5.0.5', 'IBM Cloud Orchestrator 2.5.0.6', 'IBM Cloud Orchestrator 2.5.0.7', 'IBM Cloud Orchestrator 2.5.0.8', 'IBM Cloud Orchestrator 2.5.0.9', 'IBM Cloud Orchestrator 2.4.0.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.3', 'IBM Cloud Orchestrator Enterprise 2.5.0.4', 'IBM Cloud Orchestrator Enterprise 2.5.0.5', 'IBM Cloud Orchestrator Enterprise 2.5.0.6', 'IBM Cloud Orchestrator Enterprise 2.5.0.7', 'IBM Cloud Orchestrator Enterprise 2.5.0.8', 'IBM Cloud Orchestrator Enterprise 2.5.0.9', 'IBM Cloud Orchestrator Enterprise 2.4.0.5', 'IBM Cloud Orchestrator 2.5.0.1', 'IBM Cloud Orchestrator 2.5.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-4397"
    }
  },
  "description": "IBM Cloud Orchestrator\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u4e91\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u6269\u5c55\u5185\u90e8\u548c\u5916\u90e8\u90e8\u7f72\u4e91\u670d\u52a1\u4ee5\u53ca\u5e94\u7528\u7a0b\u5e8f\u63a5\u53e3\u548c\u5de5\u5177\u6269\u5c55\u4e0e\u73b0\u6709\u73af\u5883\u96c6\u6210\u7b49\u529f\u80fd\u3002\n\nIBM Cloud Orchestrator\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u5728URL\u53c2\u6570\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/1077147",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39203",
  "openTime": "2019-11-05",
  "patchDescription": "IBM Cloud Orchestrator\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u4e91\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u6269\u5c55\u5185\u90e8\u548c\u5916\u90e8\u90e8\u7f72\u4e91\u670d\u52a1\u4ee5\u53ca\u5e94\u7528\u7a0b\u5e8f\u63a5\u53e3\u548c\u5de5\u5177\u6269\u5c55\u4e0e\u73b0\u6709\u73af\u5883\u96c6\u6210\u7b49\u529f\u80fd\u3002\n\nIBM Cloud Orchestrator\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5b58\u50a8\u5728URL\u53c2\u6570\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
  "patchName": "IBM Cloud Orchestrator\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-39203\uff09",
  "products": {
    "product": [
      "IBM Cloud Orchestrator 2.5",
      "IBM Cloud Orchestrator  2.4",
      "IBM Cloud Orchestrator  2.4.0.2",
      "IBM Cloud Orchestrator  2.4.0.3",
      "IBM Cloud Orchestrator 2.5.0.2",
      "IBM Cloud Orchestrator 2.5.0.3",
      "IBM Cloud Orchestrator 2.4.0.4",
      "IBM Cloud Orchestrator Enterprise 2.5",
      "IBM Cloud Orchestrator Enterprise 2.5.0.1",
      "IBM Cloud Orchestrator Enterprise 2.5.0.2",
      "IBM Cloud Orchestrator Enterprise 2.4",
      "IBM Cloud Orchestrator Enterprise 2.4.0.1",
      "IBM Cloud Orchestrator Enterprise 2.4.0.2",
      "IBM Cloud Orchestrator Enterprise 2.4.0.3",
      "IBM Cloud Orchestrator Enterprise 2.4.0.4",
      "IBM Cloud Orchestrator 2.4.0.1",
      "IBM Cloud Orchestrator 2.5.0.5",
      "IBM Cloud Orchestrator 2.5.0.6",
      "IBM Cloud Orchestrator 2.5.0.7",
      "IBM Cloud Orchestrator 2.5.0.8",
      "IBM Cloud Orchestrator 2.5.0.9",
      "IBM Cloud Orchestrator 2.4.0.5",
      "IBM Cloud Orchestrator Enterprise 2.5.0.3",
      "IBM Cloud Orchestrator Enterprise 2.5.0.4",
      "IBM Cloud Orchestrator Enterprise 2.5.0.5",
      "IBM Cloud Orchestrator Enterprise 2.5.0.6",
      "IBM Cloud Orchestrator Enterprise 2.5.0.7",
      "IBM Cloud Orchestrator Enterprise 2.5.0.8",
      "IBM Cloud Orchestrator Enterprise 2.5.0.9",
      "IBM Cloud Orchestrator Enterprise 2.4.0.5",
      "IBM Cloud Orchestrator 2.5.0.1",
      "IBM Cloud Orchestrator 2.5.0.4"
    ]
  },
  "referenceLink": "https://www.ibm.com/support/pages/node/1077147\r\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/162239",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-24",
  "title": "IBM Cloud Orchestrator\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-39203\uff09"
}

FKIE_CVE-2019-4397

Vulnerability from fkie_nvd - Published: 2019-10-24 12:15 - Updated: 2024-11-21 04:43

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/162239	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/1077147	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/162239	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/1077147	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	cloud_orchestrator	*
ibm	cloud_orchestrator	*
ibm	cloud_orchestrator_enterprise	*
ibm	cloud_orchestrator_enterprise	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A49276-4EDB-46EA-B8B0-95CE5363B76F",
              "versionEndIncluding": "2.4.0.5",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "923A97A8-252D-4DCE-877A-08E2D396A853",
              "versionEndIncluding": "2.5.0.9",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5DB9235-76C6-494E-B904-A53B818BD575",
              "versionEndIncluding": "2.4.0.5",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_orchestrator_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "180772FD-F4CE-4A77-B86A-9A293963B23B",
              "versionEndIncluding": "2.5.0.9",
              "versionStartIncluding": "2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239"
    },
    {
      "lang": "es",
      "value": "IBM Cloud Orchestrator e IBM Cloud Orchestrator Enterprise versiones 2.5 hasta 2.5.0.9 y 2.4 hasta 2.4.0.5, almacenan informaci\u00f3n confidencial en par\u00e1metros de la URL. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n si las partes no autorizadas tienen acceso a las URL por medio de los registros del servidor, encabezado de referencia o historial del navegador. ID de IBM X-Force: 162239"
    }
  ],
  "id": "CVE-2019-4397",
  "lastModified": "2024-11-21T04:43:33.437",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-24T12:15:11.697",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1077147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1077147"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-4397 (GCVE-0-2019-4397)

GHSA-FV6Q-CPFX-7RJ8

GSD-2019-4397

CNVD-2019-39203

FKIE_CVE-2019-4397

Tags

Sightings

Nomenclature