Cross-Site Request Forgery in IBM Cloud Private
CVE-2019-4117

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Private
Vendor: CVE Published:; 20 August 2019

Summary

IBM Cloud Private versions 3.1.1 and 3.1.2 are susceptible to a cross-site request forgery vulnerability that could enable an attacker to perform unauthorized actions on behalf of a trusted user. This could allow the execution of malicious scripts, leading to potential data breaches or service disruptions. It's crucial for users to apply necessary security updates to mitigate this risk. More information can be found in IBM's official support documentation.

Affected Version(s)

Cloud Private 3.1.1

Cloud Private 3.1.2

References

http://www.ibm.com/support/docview.wss?uid=ibm10878396

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158116

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 3, 2019