Lucene search

IbmCVE-2019-4284

HistoryAug 05, 2019 - 2:15 p.m.

CVE-2019-4284

2019-08-0514:15:12

CWE-532

ibm

web.nvd.nist.gov

ibm cloud private

oidc token

log files

system access

vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

Affected configurations

Nvd

Vulners

Node

ibmcloud_privateRange2.1.0–2.1.0.3

ibmcloud_privateMatch3.1.0

ibmcloud_privateMatch3.1.1

ibmcloud_privateMatch3.1.2

VendorProductVersionCPE
ibmcloud_private*cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*
ibmcloud_private3.1.0cpe:2.3:a:ibm:cloud_private:3.1.0:*:*:*:*:*:*:*
ibmcloud_private3.1.1cpe:2.3:a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*
ibmcloud_private3.1.2cpe:2.3:a:ibm:cloud_private:3.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_private	*	cpe:2.3:a:ibm:cloud_private::::::::
ibm	cloud_private	3.1.0	cpe:2.3:a:ibm:cloud_private:3.1.0:::::::*
ibm	cloud_private	3.1.1	cpe:2.3:a:ibm:cloud_private:3.1.1:::::::*
ibm	cloud_private	3.1.2	cpe:2.3:a:ibm:cloud_private:3.1.2:::::::*

CNA Affected

[
  {
    "product": "Cloud Private",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.1.1"
      },
      {
        "status": "affected",
        "version": "3.1.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/160512

www.ibm.com/support/docview.wss?uid=ibm10885454

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-4284