CVE-2019-4239

6.2MEDIUM

Key Information:

Vendor: IBM
Status: MQ Advanced Cloud Pak (IBM Cloud Private); MQ Advanced Cloud Pak (IBM Cloud Private On Red Hat Openshift)
Vendor: CVE Published:; 14 June 2019

Summary

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.

Affected Version(s)

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.0.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.1.0

MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) 1.2.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10886591

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159465

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2019
Vulnerability Reserved
Jan 3, 2019