Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM003F6D8197E2C8C6D47E271106C46B1D63AB86F5735228872D31B0E25E5BDB4B
HistoryOct 10, 2019 - 7:56 p.m.

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-5419).

2019-10-1019:56:25
www.ibm.com
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool.

Vulnerability Details

CVEID: CVE-2019-5419

DESCRIPTION: Ruby on Rails Action View module is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted accept headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158110&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM License Metric Tool v9.x

Remediation/Fixes

Upgrade to version 9.2.16 or later using the following procedure:

  • In IBM Endpoint Manager console, expand **IBM License Reporting (ILMT)**node under Sites node in the tree panel.
  • Click Fixlets and Tasks node.Fixlets and Tasks panel will be displayed on the right.
  • In the Fixlets and Tasks panel locate _Upgrade to the latest version of IBM License Metric Tool __9.x _fixlet and run it against the computer that hosts your server.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm license metric tooleq9.2

Related

prion 1
debiancve 1
ubuntucve 1
osv 3
gitlab 1
veracode 1
redhatcve 1
cve 1
rubygems 1
githubexploit 2
nessus 14
openvas 23
suse 5
debian 1
redhat 4
freebsd 1
github 1
fedora 11
prion
prion
Denial of service
2019-03-27 14:29:00
debiancve
debiancve
CVE-2019-5419
2019-03-27 14:29:00
ubuntucve
ubuntucve
CVE-2019-5419
2019-03-27 00:00:00
osv
osv
CVE-2019-5419
2019-03-27 14:29:01
Denial of Service Vulnerability in Action View
2019-03-13 17:25:55
rails - security update
2019-03-30 00:00:00
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2019-03-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-03-14 03:23:36
redhatcve
redhatcve
CVE-2019-5419
2019-10-30 04:28:20
cve
cve
CVE-2019-5419
2019-03-27 14:29:00
rubygems
rubygems
Denial of Service Vulnerability in Action View
2019-03-12 21:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Rubyonrails Rails
2019-03-16 11:58:18
Exploit for Vulnerability in Rubyonrails Rails
2019-03-23 02:52:31
nessus
nessus
openSUSE Security Update : rmt-server (openSUSE-2019-1527)
2019-06-10 00:00:00
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344)
2019-05-09 00:00:00
Debian DLA-1739-1 : rails security update
2019-04-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2019:1344-1)
2019-05-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1381-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:1824-1)
2020-01-09 00:00:00
suse
suse
Security update for rubygem-actionpack-5_1 (moderate)
2019-05-08 00:00:00
Security update for rmt-server (important)
2019-08-01 00:00:00
Security update for rmt-server (important)
2019-06-07 00:00:00
debian
debian
[SECURITY] [DLA 1739-1] rails security update
2019-03-31 13:51:06
redhat
redhat
(RHSA-2019:1149) Important: rh-ror42-rubygem-actionpack security update
2019-05-13 08:53:04
(RHSA-2019:1147) Important: rh-ror50-rubygem-actionpack security update
2019-05-13 08:36:21
(RHSA-2019:1289) Important: CloudForms 4.6.9 security, bug fix and enhancement update
2019-05-29 12:36:40
freebsd
freebsd
Rails -- Action View vulnerabilities
2019-03-13 00:00:00
github
github
Denial of Service Vulnerability in Action View
2019-03-13 17:25:55
fedora
fedora
[SECURITY] Fedora 30 Update: rubygem-actioncable-5.2.3-1.fc30
2019-05-10 00:48:40
[SECURITY] Fedora 30 Update: rubygem-activemodel-5.2.3-2.fc30
2019-05-10 00:48:41
[SECURITY] Fedora 30 Update: rubygem-rails-5.2.3-1.fc30
2019-05-10 00:48:41

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for 003F6D8197E2C8C6D47E271106C46B1D63AB86F5735228872D31B0E25E5BDB4B
prion1debiancve1ubuntucve1osv3gitlab1veracode1redhatcve1cve1rubygems1githubexploit2nessus14openvas23suse5debian1redhat4freebsd1github1fedora11