CVE-2019-4556: Function Call with Incorrectly Specified Arguments in IBM QRadar Advisor With Watson

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 62.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 9; latest update May 24

Description

IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/qradar_advisor_with_watson, versions 1.0.0 through 2.4.0
CVEList V5: ibm/qradar_advisor, versions 1.0.0, 2.4.0 (+1)

Patches

Vulnerability Details (2)

GHSA: GHSA-jrh5-cghp-wff5: IBM QRadar Advisor 1 (2022-05-24)
CVEList: CVE-2019-4556: IBM QRadar Advisor 1 (2019-11-09)

Vendor Advisories (2)

Red Hat: krb5: reversed strlcpy() allows client to crash the KDC (2019-09-26)
Microsoft: A flaw was found in Fedora versions of krb5 from 1.16.1 to including 1.17.x in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user co (2019-09-10)

Community (2)

Bugzilla: CVE-2019-15657 npmjs-eslint-utils: arbitrary code execution in getStaticValue function (2020-06-19)
Bugzilla: CVE-2019-14844 krb5: reversed strlcpy() allows client to crash the KDC (2019-09-19)
CVE-2019-4556 — IBM vulnerability | cvebase