Cross-Site Request Forgery Vulnerability in IBM Cloud App Management
CVE-2019-4750

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Cloud App Management
Vendor: CVE Published:; 24 April 2020

Summary

IBM Cloud App Management versions 2019.3.0 and 2019.4.0 are susceptible to a cross-site request forgery (CSRF) vulnerability. This security weakness allows an attacker to execute unauthorized actions on behalf of a user trusted by the application, potentially compromising sensitive data and operations. The flaw exists due to inadequate validation of user requests and can be exploited if a user is persuaded to interact with a malicious site while authenticated. For more information, visit the IBM Support page or check the IBM X-Force Exchange.

Affected Version(s)

Cloud App Management 2019.3.0

Cloud App Management 2019.4.0

References

https://www.ibm.com/support/pages/node/6190551

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/173310

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2020
Vulnerability Reserved
Jan 3, 2019