Insufficient Access Control in IBM Jazz for Service Management
CVE-2019-4194

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
17 July 2019

Summary

IBM Jazz for Service Management versions 1.1.3, 1.1.3.1, and 1.1.3.2 are affected by a vulnerability that lacks proper function level access controls. This flaw can enable unauthorized users to delete resources that they should not have access to, posing a significant risk to data integrity and system security. Organizations using these versions should apply fixes and implement security measures to mitigate this risk.

Affected Version(s)

Jazz for Service Management 1.1.3

Jazz for Service Management 1.1.3.1

Jazz for Service Management 1.1.3.2

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.