CVE-2019-4068 - OpenCVE

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Intelligent Operations Center For Emergency Management Intelligent Operations Center Water Operations For Waternamics

Configuration 1 [-]

OR	cpe:2.3:a:ibm:intelligent_operations_center::::::::
	cpe:2.3:a:ibm:intelligent_operations_center_for_emergency_management::::::::
	cpe:2.3:a:ibm:water_operations_for_waternamics::::::::

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/157013	Vendor Advisory VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10880229	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2019-05-31T00:00:00

Updated: 2019-06-07T14:40:19

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4068

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-07T15:29:01.637

Modified: 2022-12-09T18:29:41.267

Link: CVE-2019-4068

JSON object: View

Redhat Information

No data.

CWE

CWE-307

{"containers": {"cna": {"affected": [{"product": "Intelligent Operations Center", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "5.1.0.1"}, {"status": "affected", "version": "5.1.0.2"}, {"status": "affected", "version": "5.1.0.3"}, {"status": "affected", "version": "5.1.0.4"}, {"status": "affected", "version": "5.1.0.5"}, {"status": "affected", "version": "5.1.0.6"}, {"status": "affected", "version": "5.1.0.7"}, {"status": "affected", "version": "5.1.0.8"}, {"status": "affected", "version": "5.1.0.9"}, {"status": "affected", "version": "5.1.0.10"}, {"status": "affected", "version": "5.1.0.11"}, {"status": "affected", "version": "5.1.0.12"}, {"status": "affected", "version": "5.1.0.13"}, {"status": "affected", "version": "5.1.0.14"}, {"status": "affected", "version": "5.2.0"}]}], "datePublic": "2019-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/AC:H/UI:N/C:H/S:U/A:N/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-07T14:40:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"}, {"name": "ibm-ioc-cve20194068-info-disc (157013)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-31T00:00:00", "ID": "CVE-2019-4068", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intelligent Operations Center", "version": {"version_data": [{"version_value": "5.1.0"}, {"version_value": "5.1.0.1"}, {"version_value": "5.1.0.2"}, {"version_value": "5.1.0.3"}, {"version_value": "5.1.0.4"}, {"version_value": "5.1.0.5"}, {"version_value": "5.1.0.6"}, {"version_value": "5.1.0.7"}, {"version_value": "5.1.0.8"}, {"version_value": "5.1.0.9"}, {"version_value": "5.1.0.10"}, {"version_value": "5.1.0.11"}, {"version_value": "5.1.0.12"}, {"version_value": "5.1.0.13"}, {"version_value": "5.1.0.14"}, {"version_value": "5.2.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880229", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880229 (Intelligent Operations Center)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"}, {"name": "ibm-ioc-cve20194068-info-disc (157013)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4068", "datePublished": "2019-05-31T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-06-07T14:40:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:intelligent_operations_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3CB03F-BB39-4860-816D-2C5DC3DB95D8", "versionEndIncluding": "5.2.0", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:intelligent_operations_center_for_emergency_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F71BB0B-10A9-4569-8068-DBF3CD7DB2AB", "versionEndIncluding": "5.1.0.6", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:water_operations_for_waternamics:*:*:*:*:*:*:*:*", "matchCriteriaId": "B211074E-17D9-434D-912B-67A7BB7FAC80", "versionEndIncluding": "5.2.1.1", "versionStartIncluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."}, {"lang": "es", "value": "IBM Intelligent Operations Center (IOC) versi\u00f3n 5.1.0 hasta la versi\u00f3n 5.2.0, es vulnerable a la enumeraci\u00f3n de usuarios, permitiendo a un atacante forzar en el sistema. ID de IBM X-Force: 157013."}], "id": "CVE-2019-4068", "lastModified": "2022-12-09T18:29:41.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-07T15:29:01.637", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}