Lucene search
IBM1DB18369FE34F034C10834C183CC1908E5D3F257A476839FE4C940A3AB8AFF94HistoryJul 24, 2020 - 9:16 p.m.
Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate
2020-07-2421:16:35
www.ibm.com
4
0.001 Low
EPSS
Percentile
36.1%
Summary
IBM Cloud CLI (prior to 0.16.2) windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside.
Vulnerability Details
CVEID:CVE-2019-4427
**DESCRIPTION:**IBM Cloud CLI windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162773 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud CLI | 0.6.0 - 0.16.1 |
Remediation/Fixes
Upgrade to IBM Cloud CLI 0.16.2 or higher
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm devops for bluemix | eq | 0.6.0 | |
| ibm devops for bluemix | eq | 0.16.1 |
Related
cve
cve
CVE-2019-4427
2020-02-12 16:15:11
prion
prion
Information disclosure
2020-02-12 16:15:00
nvd
nvd
CVE-2019-4427
2020-02-12 16:15:11
cvelist
cvelist
CVE-2019-4427
2020-02-05 00:00:00
osv
osv
CVE-2019-4427
2020-02-12 16:15:11
0.001 Low
EPSS
Percentile
36.1%
Related for 1DB18369FE34F034C10834C183CC1908E5D3F257A476839FE4C940A3AB8AFF94