CVE-2019-4265 - OpenCVE

IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Maximo Anywhere

Configuration 1 [-]

OR	cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:::::::*
	cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:::::::*
	cpe:2.3:a:ibm:maximo_anywhere:7.6.2.0:::::::*
	cpe:2.3:a:ibm:maximo_anywhere:7.6.3.0:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/160198	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1078995	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2019-10-07T00:00:00

Updated: 2019-10-10T14:00:19

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4265

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-10T14:15:18.957

Modified: 2020-04-30T19:07:17.717

Link: CVE-2019-4265

JSON object: View

Redhat Information

No data.

CWE

CWE-922

{"containers": {"cna": {"affected": [{"product": "Maximo Anywhere", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.6.0.0"}, {"status": "affected", "version": "7.6.1.0"}, {"status": "affected", "version": "7.6.2.0"}, {"status": "affected", "version": "7.6.2.1"}, {"status": "affected", "version": "7.6.3.0"}]}], "datePublic": "2019-10-07T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2.1, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/I:N/C:L/AV:P/S:U/UI:N/A:N/AC:L/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-10T14:00:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/1078995"}, {"name": "ibm-maximo-cve20194265-info-disc (160198)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160198"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-07T00:00:00", "ID": "CVE-2019-4265", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Maximo Anywhere", "version": {"version_data": [{"version_value": "7.6.0.0"}, {"version_value": "7.6.1.0"}, {"version_value": "7.6.2.0"}, {"version_value": "7.6.2.1"}, {"version_value": "7.6.3.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "P", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/1078995", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1078995 (Maximo Anywhere)", "url": "https://www.ibm.com/support/pages/node/1078995"}, {"name": "ibm-maximo-cve20194265-info-disc (160198)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160198"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4265", "datePublished": "2019-10-07T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-10-10T14:00:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67CD3018-546A-4CFF-B28B-A7DF2EE71634", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E203B3E-6A26-40BD-8F72-B738D4BF6EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "184E4817-EC0C-440C-9DF3-28F09B965129", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0269CA3-0A64-4D16-9B60-570F64AE506E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198."}, {"lang": "es", "value": "IBM Maximo Anywhere versiones 7.6.0, 7.6.1, 7.6.2 y 7.6.3, no posee detecci\u00f3n root del dispositivo, lo que podr\u00eda resultar en que un atacante consiga informaci\u00f3n confidencial sobre el dispositivo. ID de IBM X-Force: 160198."}], "id": "CVE-2019-4265", "lastModified": "2020-04-30T19:07:17.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-10T14:15:18.957", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160198"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/1078995"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}]}