Security Bulletin: Spoofing vulnerability in Cloud Pak System (CVE-2019-4097)

2020-05-0611:57:04

www.ibm.com

JSON

Summary

Spoofing vulnerability identified in Cloud Pak System formerly known as PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2019-4097 **DESCRIPTION: **Spoofing vulnerability identified in Platform System Manager (PSM) shipped with PureApplication System. An attacker as authenticated user could steal or manipulate customer session and cookies.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158019 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cloud Pak System V2.3.0

Remediation/Fixes

For unsupported version/release/platform IBM recommends upgrading to a fixed, supported version of the product. Contact IBM Cloud Pak System support for assistance.

For IBM Cloud Pak System V2.3.0, upgrade to V2.3.0.1.

Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None

CPENameOperatorVersion
pureapplication systemeq2.2.6.0
pureapplication systemeq2.2.5.3
pureapplication systemeq2.2.5.2
pureapplication systemeq2.2.5.1
pureapplication systemeq2.2.5.0
pureapplication systemeq2.2.4.0
pureapplication systemeq2.2.3.2
pureapplication systemeq2.2.3.1
pureapplication systemeq2.2.3.0
ibm cloud pak system softwareeq2.3.0

Name	Operator	Version
pureapplication system	eq	2.2.6.0
pureapplication system	eq	2.2.5.3
pureapplication system	eq	2.2.5.2
pureapplication system	eq	2.2.5.1
pureapplication system	eq	2.2.5.0
pureapplication system	eq	2.2.4.0
pureapplication system	eq	2.2.3.2
pureapplication system	eq	2.2.3.1
pureapplication system	eq	2.2.3.0
ibm cloud pak system software	eq	2.3.0

JSON

Related for FD756D2430D56C502E63B78FF46E66A645EBE90237DC5B3176E06A555E8CB918