CVE-2019-4306 - OpenCVE

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Security Guardium Big Data Intelligence

Configuration 1 [-]

cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/160986	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1096396	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2019-10-22T00:00:00

Updated: 2019-10-28T23:36:07

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4306

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-29T00:15:10.933

Modified: 2023-02-03T23:48:32.620

Link: CVE-2019-4306

JSON object: View

Redhat Information

No data.

CWE

CWE-668

{"containers": {"cna": {"affected": [{"product": "Security Guardium Big Data Intelligence", "vendor": "IBM", "versions": [{"status": "affected", "version": "4"}]}], "datePublic": "2019-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/I:L/AC:L/S:U/A:N/AV:N/UI:N/C:L/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-28T23:36:07", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/1096396"}, {"name": "ibm-guardium-cve20194306-access-control (160986)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-22T00:00:00", "ID": "CVE-2019-4306", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Security Guardium Big Data Intelligence", "version": {"version_data": [{"version_value": "4"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/1096396", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1096396 (Security Guardium Big Data Intelligence)", "url": "https://www.ibm.com/support/pages/node/1096396"}, {"name": "ibm-guardium-cve20194306-access-control (160986)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4306", "datePublished": "2019-10-22T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-10-28T23:36:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5DF1F64-C2BE-4B7A-82B9-B32D304AC739", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986."}, {"lang": "es", "value": "IBM Security Guardium Big Data Intelligence (SonarG) versi\u00f3n 4.0, especifica permisos para un recurso cr\u00edtico de seguridad que podr\u00eda conllevar a la exposici\u00f3n de informaci\u00f3n confidencial o la modificaci\u00f3n de ese recurso por partes no previstas. ID de IBM X-Force: 160986."}], "id": "CVE-2019-4306", "lastModified": "2023-02-03T23:48:32.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T00:15:10.933", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160986"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/1096396"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}