{ "id": "CVE-2019-4427", "sourceIdentifier": "psirt@us.ibm.com", "published": "2020-02-12T16:15:11.287", "lastModified": "2020-02-14T18:39:39.850", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773." }, { "lang": "es", "value": "Los instaladores de Windows de IBM Cloud CLI versiones 0.6.0 hasta 0.16.1, son firmados con el certificado SHA1. Un atacante podr\u00eda ser capaz de explotar el algoritmo d\u00e9bil para generar un instalador con software malicioso dentro. ID de IBM X-Force: 162773." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV30": [ { "source": "psirt@us.ibm.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-327" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:cloud_cli:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.6.0", "versionEndIncluding": "0.16.1", "matchCriteriaId": "E1218C5D-304C-4DE1-97C8-4E4086285CCD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" } ] } ] } ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162773", "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ] }, { "url": "https://www.ibm.com/support/pages/node/1356087", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ] } ] }