CVE-2020-4290

{"id": "CVE-2020-4290", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2020-04-08T14:15:13.413", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176333", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6172599", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176333", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6172599", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access. IBM X-Force ID: 176333."}, {"lang": "es", "value": "IBM Security Information Queue (ISIQ) versiones 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 y 1.0.5, podr\u00eda permitir a cualquier usuario autenticado falsificar la configuraci\u00f3n del propietario de cualquier otro usuario que revele informaci\u00f3n confidencial o permita un acceso no autorizado. ID de IBM X-Force: 176333."}], "lastModified": "2024-11-21T05:32:31.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C1648E-DC06-40C1-9402-DCEA495EA56E"}, {"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC11E98-3C57-436E-B47A-B5EE0ED200CD"}, {"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44CEB32A-9E8E-429B-8196-CE3028B10846"}, {"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D9F72B-B893-4E2C-993E-13873859269D"}, {"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A82CC708-3CB3-4BBB-82EF-181C18ED522B"}, {"criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B1900B-4568-4017-B0A3-9B43C484ED31"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}