admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-41xx/CVE-2019-4171.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

150 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-4171",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2019-09-17T19:15:10.947",
"lastModified": "2022-12-09T18:58:13.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876."
},
{
"lang": "es",
"value": "IBM Cognos Controller versiones 10.3.0, 10.3.1, 10.4.0 y 10.4.1, no establece el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n. Esto podr\u00eda permitir a un atacante obtener informaci\u00f3n confidencial usando t\u00e9cnicas de tipo man in the middle. ID de IBM X-Force: 158876."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9021EE-6BDF-4722-A7EA-E984A21684A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F544128B-455B-4485-A98F-4DB751925B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8284ECE5-3938-47B2-99B6-6D3B9ECB8C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04E5A9C3-0F44-40C1-B6B6-92839E386F56"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink