CVE-2019-4572

IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/166798	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1072042	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:filenet_content_manager:5.5.2:::::::*
	cpe:2.3:a:ibm:filenet_content_manager:5.5.3:::::::*

History

No history.

Information

Published : 2019-10-14 14:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-4572

Mitre link : CVE-2019-4572

CVE.ORG link : CVE-2019-4572

JSON object : View

Products Affected

ibm

filenet_content_manager

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2019-4572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2019-10-14T14:15:10.277", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166798", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/1072042", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798."}, {"lang": "es", "value": "Las versiones 5.5.2 y 5.5.3 de IBM FileNet Content Manager en configuraciones espec\u00edficas, podr\u00eda registrar las credenciales de usuario del servicio web en un archivo de registro al que podr\u00eda acceder un administrador en la m\u00e1quina local. ID de IBM X-Force: 166798."}], "lastModified": "2019-10-16T20:00:30.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:filenet_content_manager:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D95A0DC-A527-4DDA-AE0D-B91E1C72D44C"}, {"criteria": "cpe:2.3:a:ibm:filenet_content_manager:5.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0A0078D-CBE6-46AE-AF88-369177174D1F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}