Unauthorized Access in IBM SmartCloud Analytics
CVE-2019-4244

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Smartcloud Analytics
Vendor: CVE Published:; 10 December 2019

Summary

IBM SmartCloud Analytics versions 1.3.1 through 1.3.5 are susceptible to a security flaw that enables remote attackers to compromise Zookeeper installations. This vulnerability arises from inadequate authentication measures, allowing attackers to gain unauthorized access and control over sensitive data and configurations, highlighting the importance of stringent security practices.

Affected Version(s)

SmartCloud Analytics 1.3.1

SmartCloud Analytics 1.3.2

SmartCloud Analytics 1.3.3

References

https://www.ibm.com/support/pages/node/1127523

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159518

vdb-entryx_refsource_XF

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2019
Vulnerability Reserved
Jan 3, 2019