CVE-2019-4603

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/168295	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6172629	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/168295	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6172629	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_quality_manager:6.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:6.0.6:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:::::::*

History

21 Nov 2024, 04:43

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/168295 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/168295 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6172629 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6172629 - Patch, Vendor Advisory

Information

Published : 2020-04-08 14:15

Updated : 2024-11-21 04:43

NVD link : CVE-2019-4603

Mitre link : CVE-2019-4603

CVE.ORG link : CVE-2019-4603

JSON object : View

Products Affected

ibm

rational_quality_manager

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2019-4603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-04-08T14:15:12.787", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6172629", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168295", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6172629", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295."}, {"lang": "es", "value": "IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podr\u00eda permitir a un usuario autenticado crear palabras clave por medio de la API REST y hacer que aparezcan como si fueran creadas por otro usuario. ID de IBM X-Force: 168295."}], "lastModified": "2024-11-21T04:43:50.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}