CVE-2019-4243

5 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 75.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Smartcloud Analytics LOG Analysis IBM Smartcloud Analytics

Timeline

PublishedNov 22

Latest updateMay 24

Description

IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized disclosure of information like accessing solrconfig.xml and could allow an attacker to perform disruptive administrator tasks. IBM X-Force ID: 159517.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶NVDibm/smartcloud_analytics_log_analysis1.3.1 — 1.3.5

▶CVEListV5ibm/smartcloud_analytics5 versions+4

🔴Vulnerability Details

GHSA

GHSA-jp62-fqhg-pr3x: IBM SmartCloud Analytics 1↗2022-05-24

▶

CVEList

CVE-2019-4243: IBM SmartCloud Analytics 1↗2019-11-22

▶

💬Community

Bugzilla

CVE-2019-19340 Tower: enabling RabbitMQ manager in the installer exposes the management interface publicly↗2019-12-12

▶

Bugzilla

CVE-2019-19341 Tower: intermediate files during Tower backup are world-readable↗2019-12-12

▶