CVE-2019-4556

IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/166205	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1102443	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/166205	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1102443	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:qradar_advisor_with_watson:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:43

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/166205 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/166205 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/1102443 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/1102443 - Patch, Vendor Advisory

Information

Published : 2019-11-09 02:15

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4556

Mitre link : CVE-2019-4556

CVE.ORG link : CVE-2019-4556

JSON object : View

Products Affected

ibm

qradar_advisor_with_watson

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-4556", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-11-09T02:15:11.287", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/1102443", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166205", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/1102443", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205."}, {"lang": "es", "value": "IBM QRadar Advisor versiones 1.0.0 hasta 2.4.0, utiliza listas negras incompletas para la comprobaci\u00f3n de entrada lo que permite a atacantes omitir los controles de la aplicaci\u00f3n, resultando en un impacto directo en el sistema y la integridad de los datos. ID de IBM X-Force: 166205."}], "lastModified": "2024-11-21T04:43:43.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_advisor_with_watson:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "328E11D0-D784-4094-92D5-4A3E0FEBDDA9", "versionEndIncluding": "2.4.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}