CVE-2019-4234

EUVD-2019-13841
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/C:N/AV:N/S:U/PR:L/A:N/AC:L/I:L/UI:N/RC:C/E:U/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ibmpureapplication_system
2.2.3.0 ≤
𝑥
≤ 2.2.5.3
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/159416
https://www-01.ibm.com/support/docview.wss?uid=ibm10885602
https://exchange.xforce.ibmcloud.com/vulnerabilities/159416
https://www-01.ibm.com/support/docview.wss?uid=ibm10885602