CVE-2019-4234IBM Pureapplication System vulnerability

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 62.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Pureapplication System
Timeline
PublishedJun 26
Latest updateMay 24

Description

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/pureapplication_system2.2.3.02.2.5.3
CVEListV5ibm/pureapplication_system8 versions+7

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-7pqv-vffj-rhrq: IBM PureApplication System 22022-05-24
CVEList
CVE-2019-4234: IBM PureApplication System 22019-06-26
CVE-2019-4234 — IBM vulnerability | cvebase