CVE-2019-4619

CWE-2094 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 74.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ IBM MQ Appliance IBM Websphere MQ

Timeline

PublishedMar 16

Latest updateMay 24

Description

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDibm/mq_appliance8.0.0.0 — 8.0.0.14+2

▶NVDibm/mq8.0.0.0 — 8.0.0.14+3

▶NVDibm/websphere_mq7.1.0.0 — 7.5.0.9

▶CVEListV5ibm/mq50 versions+49

🔴Vulnerability Details

GHSA

GHSA-9q3c-fv37-7prc: IBM MQ and IBM MQ Appliance 7↗2022-05-24

▶

CVEList

CVE-2019-4619: IBM MQ and IBM MQ Appliance 7↗2020-03-16

▶

💬Community

Bugzilla

CVE-2019-12216 SDL: heap-based buffer overflow in function SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c↗2019-07-23

▶