CVE-2019-4220

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 92.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server IBM Infosphere Information Server ON Cloud IBM Watson Knowledge Catalog

Timeline

PublishedJun 6

Latest updateMay 24

Description

IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/infosphere_information_server11.7.1.0

▶NVDibm/infosphere_information11.7.1.0

▶NVDibm/watson_knowledge_catalog11.7.1.0

🔴Vulnerability Details

GHSA

GHSA-hgxx-phvq-94mf: IBM InfoSphere Information Server 11↗2022-05-24

▶

CVEList

CVE-2019-4220: IBM InfoSphere Information Server 11↗2019-06-06

▶