CVE-2019-4640

EUVD-2019-14247
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ibmCNA
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/PR:H/A:N/S:U/UI:N/C:N/AC:H/AV:N/I:H/E:U/RC:C/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_secret_server
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/170046
https://www.ibm.com/support/pages/node/2929923
https://exchange.xforce.ibmcloud.com/vulnerabilities/170046
https://www.ibm.com/support/pages/node/2929923