CVE-2019-4259

EUVD-2019-13866
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/I:N/C:L/S:U/A:N/AC:L/PR:N/UI:N/AV:L/RC:C/RL:O/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
ibmspectrum_scale
4.1.1.0 ≤
𝑥
≤ 4.1.1.22
ibmspectrum_scale
4.2.0.0 ≤
𝑥
≤ 4.2.3.13
ibmspectrum_scale
5.0.0.0 ≤
𝑥
≤ 5.0.2.3
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/160011
https://www.ibm.com/support/docview.wss?uid=ibm10883568
https://exchange.xforce.ibmcloud.com/vulnerabilities/160011
https://www.ibm.com/support/docview.wss?uid=ibm10883568