Medium Severity

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

Jun 15, 2019 9:00 am EST

Categorized: Medium Severity

Share this post:

IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack

CVE(s): CVE-2019-4142

Affected product(s) and affected version(s):
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338


Previous Post

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

Next Post

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX
More stories

Security Bulletin: Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local

Dec 9, 2019 7:01 pm EST | Medium Severity

CVEID:   CVE-2019-2389 DESCRIPTION:   Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.CVSS Base score: 6.5CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166352 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ...read more

Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)

Dec 9, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4663 DESCRIPTION: IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.CVSS Base score: 5.4CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)   ...read more

Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095)

Dec 9, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4521 DESCRIPTION:   Platform System Manager in IBM Cloud Pak System is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.CVSS Base score: 7CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 for the current score.CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID:   CVE-2019-4095 DESCRIPTION:   IBM Pure Application System is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158015 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ...read more