CVE-2019-4038

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.2 HIGH
PHYSICAL
LOW
HIGH
CVSS:3.0/A:H/AC:L/AV:P/C:H/I:H/PR:H/S:C/UI:N/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
ibmsecurity_identity_manager
6.0.0.0 ≤
𝑥
≤ 6.0.0.20
ibmsecurity_identity_manager
7.0.0.0 ≤
𝑥
≤ 7.0.1.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/156162
https://www.ibm.com/support/docview.wss?uid=ibm10869604
https://exchange.xforce.ibmcloud.com/vulnerabilities/156162
https://www.ibm.com/support/docview.wss?uid=ibm10869604