CVE-2019-4381
Published Jun 14, 2019
Last updated 2 years ago
Overview
- Description
- IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 4
- Exploitability score
- 1.4
- Vector string
- CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-255
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
}
],
"operator": "OR"
}
]
}
]