IBM288EAD4ACC93C3C5140F5A9FCB8623D767FA978B32AC2BA74FD0E3BF58ECEC57Security Bulletin: A Security Vulnerability affects IBM Cloud Private - NGINX (CVE-2019-20372)
EPSS
Percentile
68.1%
Summary
A Security Vulnerability affects IBM Cloud Private
Vulnerability Details
CVEID:CVE-2019-20372
**DESCRIPTION:**NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174252 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Private | 3.2.1 CD |
| IBM Cloud Private | 3.2.2 CD |
Remediation/Fixes
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
- IBM Cloud Private 3.2.1
- IBM Cloud Private 3.2.2
For IBM Cloud Private 3.2.1, apply fix pack:
For IBM Cloud Private 3.2.2, apply fix pack:
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:
- Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1.
- If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance
Workarounds and Mitigations
None
Related
EPSS
Percentile
68.1%