CVE-2019-4038
published 2019-02-04CVE-2019-4038: IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing…
medium6.2CVSS 3.1
AVPACLPRHUINSUCHIHAH
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bzip | bzip2 | >= 0 < 1.0.6-5ubuntu0.1~esm1 | 1.0.6-5ubuntu0.1~esm1 |
| ibm | security_identity_manager | — | — |
| ibm | security_identity_manager | — | — |
| ibm | security_identity_manager | 6.0.0.0 – 6.0.0.20 | — |
| ibm | security_identity_manager | 7.0.0.0 – 7.0.1.10 | — |
CVSS provenance
nvdv3.16.2MEDIUMCVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.5MEDIUM