Spoofing vulnerability identified in Cloud Pak System formerly known as PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed this vulnerability.
CVEID: CVE-2019-4097 **DESCRIPTION: **Spoofing vulnerability identified in Platform System Manager (PSM) shipped with PureApplication System. An attacker as authenticated user could steal or manipulate customer session and cookies.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158019 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Cloud Pak System V2.3.0
For unsupported version/release/platform IBM recommends upgrading to a fixed, supported version of the product. Contact IBM Cloud Pak System support for assistance.
For IBM Cloud Pak System V2.3.0, upgrade to V2.3.0.1.
Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.
None