IBM Cloud Private Identity and Access Management is vulnerable to a cross-site request forgery attack
CVEID: CVE-2019-4117
DESCRIPTION: IBM Cloud Private is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158116> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages.
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private 3.1.1, apply patch:
For IBM Cloud Private 2.1.x, 3.1.0:
None