CVE-2019-4284

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/160512	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10885454	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/160512	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10885454	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_private::::::::
	cpe:2.3:a:ibm:cloud_private:3.1.0:::::::*
	cpe:2.3:a:ibm:cloud_private:3.1.1:::::::*
	cpe:2.3:a:ibm:cloud_private:3.1.2:::::::*

History

21 Nov 2024, 04:43

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/160512 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/160512 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/docview.wss?uid=ibm10885454 - Vendor Advisory~~	() https://www.ibm.com/support/docview.wss?uid=ibm10885454 - Vendor Advisory

Information

Published : 2019-08-05 14:15

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4284

Mitre link : CVE-2019-4284

CVE.ORG link : CVE-2019-4284

JSON object : View

Products Affected

ibm

cloud_private

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2019-4284", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2019-08-05T14:15:12.067", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512."}, {"lang": "es", "value": "Cloud Private de IBM versiones 2.1.0, 3.1.0, 3.1.1 y 3.1.2, podr\u00eda permitir a un usuario privilegiado local obtener un token OIDC inestable en el sistema que se imprime en archivos de registro, que podr\u00edan ser usados para iniciar sesi\u00f3n en el sistema como otro usuario . ID de IBM X-Force: 160512."}], "lastModified": "2024-11-21T04:43:25.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "511384DA-852E-48C4-AECF-1C99A7CACD34", "versionEndIncluding": "2.1.0.3", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:ibm:cloud_private:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8902916-DD7C-4F3B-9C64-EB692E7AB79A"}, {"criteria": "cpe:2.3:a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73189517-F9CF-4DB8-B48B-6D7DE87FD1F9"}, {"criteria": "cpe:2.3:a:ibm:cloud_private:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D04F7694-CC11-46BF-9FE0-EA2D93BC0FE1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}