CVE-2019-4072

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10873036	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/157064	VDB Entry Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ibm10873036	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/157064	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:tivoli_storage_productivity_center::::::::

History

21 Nov 2024, 04:43

Type	Values Removed	Values Added
References	~~() http://www.ibm.com/support/docview.wss?uid=ibm10873036 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=ibm10873036 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/157064 - Vendor Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/157064 - VDB Entry, Vendor Advisory

Information

Published : 2019-05-09 15:29

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4072

Mitre link : CVE-2019-4072

CVE.ORG link : CVE-2019-4072

JSON object : View

Products Affected

ibm

spectrum_control
tivoli_storage_productivity_center

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2019-4072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2019-05-09T15:29:04.793", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."}, {"lang": "es", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition versi\u00f3n 5.2.1 hasta la versi\u00f3n 5.2.17), permite a los usuarios permanecer inactivos dentro de la aplicaci\u00f3n, incluso cuando un usuario ha cerrado la sesi\u00f3n. Utilizando el bot\u00f3n back de la aplicaci\u00f3n, los usuarios pueden permanecer conectados como el usuario actual durante un corto per\u00edodo de tiempo, por lo tanto a los usuarios se les presenta informaci\u00f3n de Spectrum Control Application. ID de IBM X-Force: 157064."}], "lastModified": "2024-11-21T04:43:07.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D339C119-A10F-4238-B857-CD728614EDB4", "versionEndIncluding": "5.2.17.2", "versionStartIncluding": "5.2.8"}, {"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9FEBFCA-CBA5-49CF-B242-EA642C02712A", "versionEndIncluding": "5.3.1", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_productivity_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B241C479-3E3E-4248-BFF7-B92CE300537A", "versionEndIncluding": "5.2.7.1", "versionStartIncluding": "5.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}