Medium Severity

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack.

CVE(s): CVE-2019-4142

Affected product(s) and affected version(s):
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338
