Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM03972D80DA2FBE79CEC2482221C35D12249DAD5DF5214C469FEF46F0B90873F4
HistoryAug 23, 2019 - 7:37 p.m.

Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resouce redirect for bad API path CVE-2019-4132

2019-08-2319:37:53
www.ibm.com
6

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

IBM Cloud Automation Manager will redirect when a bad API path is requested rather than issuing a 404. User may expect an error
but be redirected to a home page instead.

Vulnerability Details

CVEID: CVE-2019-4132 DESCRIPTION: IBM Cloud Automation Manager could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158274&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cloud Automation Manager 3.1.2

Remediation/Fixes

IBM Cloud Automation Manager users should upgrade to the following release:

IBM Cloud Automation Manager 3.1.2.1

https://www.ibm.com/support/knowledgecenter/en/SS2L37_3.1.2.1/cam_upgrade_cam.html

Workarounds and Mitigations

None.

CPENameOperatorVersion
ibm cloud automation managereq3.1.2

Related

prion 1
cve 1
nvd 1
cvelist 1
prion
prion
Information disclosure
2019-08-29 15:15:00
cve
cve
CVE-2019-4132
2019-08-29 15:15:11
nvd
nvd
CVE-2019-4132
2019-08-29 15:15:11
cvelist
cvelist
CVE-2019-4132
2019-08-23 00:00:00

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for 03972D80DA2FBE79CEC2482221C35D12249DAD5DF5214C469FEF46F0B90873F4
prion1cve1nvd1cvelist1