IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources
CVEID: CVE-2019-4194 DESCRIPTION: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159033> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Jazz for Service Management version 1.1.3 - 1.1.3.2
Affected JazzSM Version | Recommended Fix. |
---|---|
Jazz for Service Management version 1.1.3 - 1.1.3.2 | Install 1.1.3-TIV-JazzSM-multi-FP003 |
Please refer Read-me available as part of 1.1.3-TIV-JazzSM-multi-FP003
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | 1.1.3 | |
jazz for service management | eq | 1.1.3.1 | |
jazz for service management | eq | 1.1.3.2 |