Local File Access Vulnerability in IBM Cloud Pak System
CVE-2019-4465

4MEDIUM

Key Information:

Vendor
IBM
Status
Cloud Pak System
Vendor
CVE Published:
3 December 2019

Summary

A flaw in IBM Cloud Pak System versions 2.3 and 2.3.0.1 allows local web pages to be accessed by unauthorized users. This vulnerability could enable a user to view sensitive information stored in these pages, compromising the confidentiality of data within the system. It is crucial for organizations using these versions to apply necessary security measures and review user access controls.

Affected Version(s)

Cloud Pak System 2.3

Cloud Pak System 2.2

References

https://www.ibm.com/support/pages/node/1118487
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/163774
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.