Pureapplication System@2.2.5.1 Security Vulnerabilities and Issues — Pureapplication System@2.2.5.1 CVE List

Lucene search

IbmPureapplication System2.2.5.1

5 matches found

CVE•added 2019/06/26 3:15 p.m.•40 views

CVE-2019-4224

IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.

8.8CVSS8.9AI score0.00312EPSS

CVE•added 2019/06/26 3:15 p.m.•35 views

CVE-2019-4225

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

4.4CVSS5.1AI score0.0004EPSS

CVE•added 2019/06/26 3:15 p.m.•34 views

CVE-2019-4234

IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.

4.3CVSS5.2AI score0.00174EPSS

CVE•added 2019/06/26 3:15 p.m.•33 views

CVE-2019-4241

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.

8.4CVSS7.9AI score0.00052EPSS

CVE•added 2019/06/26 3:15 p.m.•30 views

CVE-2019-4235

IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.

7.5CVSS7.8AI score0.00267EPSS