CVE-2019-4299

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

CVSS v3 5.5 MEDIUM
CVSS v2.0 1.9 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10884842	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/160765	VDB Entry Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=ibm10884842	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/160765	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:robotic_process_automation_with_automation_anywhere:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:43

Type	Values Removed	Values Added
References	~~() http://www.ibm.com/support/docview.wss?uid=ibm10884842 - Patch, Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=ibm10884842 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/160765 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/160765 - VDB Entry, Vendor Advisory

Information

Published : 2019-07-01 15:15

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4299

Mitre link : CVE-2019-4299

CVE.ORG link : CVE-2019-4299

JSON object : View

Products Affected

ibm

robotic_process_automation_with_automation_anywhere

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2019-4299", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-07-01T15:15:12.727", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884842", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=ibm10884842", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160765", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765."}, {"lang": "es", "value": "IBM Robotic Process Automation with Automation Anywhere versi\u00f3n 11 podr\u00eda permitir que un usuario local obtenga informaci\u00f3n altamente sensible de los archivos de registro cuando la depuraci\u00f3n est\u00e1 habilitada. ID de IBM X-Force: 160765."}], "lastModified": "2024-11-21T04:43:26.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation_with_automation_anywhere:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "790B6290-19B3-4C43-ABB1-66B75F910E56", "versionEndExcluding": "11.0.0.5", "versionStartIncluding": "11.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}