Nov 23, 2019 - 2:27 p.m.

Security Bulletin: A Security Vulnerability affects IBM Cloud Private Core Services (CVE-2019-2386)

2019-11-23 14:27:10
www.ibm.com

EPSS: 0.001 (percentile: 44.1%)

Summary

A Security Vulnerability affects IBM Cloud Private Core Services

Vulnerability Details

CVEID: CVE-2019-2386
DESCRIPTION: MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper session management. By reusing an established session of said user, an attacker could exploit this vulnerability to gain access to the database server.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164984> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0

Remediation/Fixes

Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages:

  • IBM Cloud Private 3.2.1
  • IBM Cloud Private 3.2.0

For IBM Cloud Private 3.2.0, apply October fix pack or patch:

For IBM Cloud Private 3.1.2, apply patch:

For IBM Cloud Private 3.1.0, 3.1.1:

  • Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1.
  • If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance.

Workarounds and Mitigations

None
