cve-2019-4603
Vulnerability from cvelistv5
Published
2020-04-08 14:05
Modified
2024-09-17 00:37
Severity ?
EPSS score ?
Summary
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/168295 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6172629 | Patch, Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
IBM | Rational Quality Manager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6172629" }, { "name": "ibm-rqm-cve20194603-spoofing (168295)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "6.0.6.1" } ] } ], "datePublic": "2020-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/I:L/PR:L/C:N/AC:L/UI:N/AV:N/A:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-08T14:05:42", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6172629" }, { "name": "ibm-rqm-cve20194603-spoofing (168295)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-07T00:00:00", "ID": "CVE-2019-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "6.0.2" }, { "version_value": "6.0.6" }, { "version_value": "6.0.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6172629", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6172629 (Rational Quality Manager)", "url": "https://www.ibm.com/support/pages/node/6172629" }, { "name": "ibm-rqm-cve20194603-spoofing (168295)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4603", "datePublished": "2020-04-08T14:05:42.274122Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:37:11.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-4603\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2020-04-08T14:15:12.787\",\"lastModified\":\"2020-04-10T19:19:58.703\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.\"},{\"lang\":\"es\",\"value\":\"IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podr\u00eda permitir a un usuario autenticado crear palabras clave por medio de la API REST y hacer que aparezcan como si fueran creadas por otro usuario. ID de IBM X-Force: 168295.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ED82318-CB9F-4EC4-BABF-1F473B3AA799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E4E17CB-517F-4976-BBBC-3CD0188710E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E698C1B9-529C-42A1-9C8D-8088A2C1FC01\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/168295\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6172629\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.