Insufficient Access Control in IBM Jazz for Service Management
CVE-2019-4194

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 17 July 2019

Summary

IBM Jazz for Service Management versions 1.1.3, 1.1.3.1, and 1.1.3.2 are affected by a vulnerability that lacks proper function level access controls. This flaw can enable unauthorized users to delete resources that they should not have access to, posing a significant risk to data integrity and system security. Organizations using these versions should apply fixes and implement security measures to mitigate this risk.

Affected Version(s)

Jazz for Service Management 1.1.3

Jazz for Service Management 1.1.3.1

Jazz for Service Management 1.1.3.2

References

http://www.ibm.com/support/docview.wss?uid=ibm10885989

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159033

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2019
Vulnerability Reserved
Jan 3, 2019