{ "id": "CVE-2019-4259", "sourceIdentifier": "psirt@us.ibm.com", "published": "2019-05-13T16:29:01.290", "lastModified": "2023-01-30T19:10:13.883", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad de seguridad en IBM Spectrum Scale versiones 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.2, 4.2.3 y 5.0.0 con la pila CES habilitada que podr\u00eda permitir incluir datos sensibles en las instant\u00e1neas de servicio. IBM X-Force ID: 160011." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ], "cvssMetricV30": [ { "source": "psirt@us.ibm.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.5, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1 }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1.1.0", "versionEndIncluding": "4.1.1.22", "matchCriteriaId": "85B0AD9C-560E-415E-A3AA-5B7AF4722B17" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2.0.0", "versionEndIncluding": "4.2.3.13", "matchCriteriaId": "F9F52758-B2D5-48F3-B8F6-03971CA0E834" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0.0", "versionEndIncluding": "5.0.2.3", "matchCriteriaId": "5CEC5147-C051-4BEB-B8E7-FC4B27D045F7" } ] } ] } ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160011", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory", "VDB Entry" ] }, { "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883568", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ] } ] }