CVE-2019-4038

CWE-94 Code Injection | 4 documents | 4 sources
Severity: 6.2 MEDIUM
EPSS: 0.1% (top 74.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4 | Latest update May 13

Description

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.3 | Impact: 5.9

Affected Packages (2 packages)

NVD | ibm/security_identity_manager | 6.0.0.0 | 6.0.0.20 | +1
CVEListV5 | ibm/security_identity_manager | 6.0, 7.0 | +1

Patches

Vulnerability Details (3)

GHSA | GHSA-4wxw-jxm6-5ch2: IBM Security Identity Manager 6 | 2022-05-13
OSV | bzip2 vulnerabilities | 2019-06-26
CVEList | CVE-2019-4038: IBM Security Identity Manager 6 | 2019-02-04