CVE-2019-4047

CWE-269 — Improper Privilege Management CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 36.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Jazz Reporting Service

Timeline

PublishedApr 29

Latest updateMay 24

Description

IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/jazz_reporting_service6.0.6

▶NVDibm/jazz_reporting_service6.0.6

🔴Vulnerability Details

GHSA

GHSA-f8vv-7qp7-jr92: IBM Jazz Reporting Service (JRS) 6↗2022-05-24

▶

CVEList

CVE-2019-4047: IBM Jazz Reporting Service (JRS) 6↗2019-04-29

▶

📋Vendor Advisories

Red Hat

cfme: rubygem-rubyzip denial of service via crafted ZIP file↗2019-09-25

▶

💬Community

Bugzilla

CVE-2019-16892 cfme: rubygem-rubyzip denial of service via crafted ZIP file↗2019-11-12

▶