Medium Severity
IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)
Jun 15, 2019 9:00 am EST
Categorized: Medium Severity
Share this post:
IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack
CVE(s): CVE-2019-4142
Affected product(s) and affected version(s):
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338
Security Bulletin: Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local
Dec 9, 2019 7:01 pm EST | Medium Severity
CVEID: CVE-2019-2389 DESCRIPTION: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.CVSS Base score: 6.5CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166352 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ...read more
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2019-4663)
Dec 9, 2019 7:00 pm EST | Medium Severity
CVEID: CVE-2019-4663 DESCRIPTION: IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.CVSS Base score: 5.4CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) ...read more
Security Bulletin: Vulnerabilities addressed in IBM Cloud Pak System (CVE-2019-4521, CVE-2019-4095)
Dec 9, 2019 7:00 pm EST | Medium Severity
CVEID: CVE-2019-4521 DESCRIPTION: Platform System Manager in IBM Cloud Pak System is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.CVSS Base score: 7CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165179 for the current score.CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-4095 DESCRIPTION: IBM Pure Application System is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158015 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ...read more