Lucene search

[email protected]CVE-2019-4201

HistoryJun 06, 2019 - 1:29 a.m.

CVE-2019-4201

2019-06-0601:29:00

CWE-601

[email protected]

web.nvd.nist.gov

cve-2019-4201

ibm

jazz

service management

phishing

open redirect

remote attacker

vulnerability

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.

Affected configurations

Vulners

NVD

Node

ibmjazz_for_service_managementMatch1.1.3

ibmjazz_for_service_managementMatch1.1.3.1

ibmjazz_for_service_managementMatch1.1.3.2

VendorProductVersionCPE
ibmjazz_for_service_management1.1.3cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
ibmjazz_for_service_management1.1.3.1cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
ibmjazz_for_service_management1.1.3.2cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	jazz_for_service_management	1.1.3	cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:::::::*
ibm	jazz_for_service_management	1.1.3.1	cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.1:::::::*
ibm	jazz_for_service_management	1.1.3.2	cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.2:::::::*

CNA Affected

[
  {
    "product": "Jazz for Service Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.3"
      },
      {
        "status": "affected",
        "version": "1.1.3.1"
      },
      {
        "status": "affected",
        "version": "1.1.3.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/159122

www.ibm.com/support/docview.wss?uid=ibm10885592

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVE-2019-4201

cvelist1 prion1 nvd1 ibm1