Information Disclosure in IBM FileNet Content Manager Versions 5.5.2 and 5.5.3
CVE-2019-4572

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Filenet Content Manager
Vendor: CVE Published:; 14 October 2019

What is CVE-2019-4572?

IBM FileNet Content Manager versions 5.5.2 and 5.5.3, under certain configurations, may unintentionally log web service user credentials into log files. These log files could be accessed by an administrator on the local machine, leading to potential exposure of sensitive information.

Affected Version(s)

FileNet Content Manager 5.5.2

FileNet Content Manager 5.5.3

References

https://www.ibm.com/support/pages/node/1072042

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/166798

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2019
Vulnerability Reserved
Jan 3, 2019