CVE-2019-4072

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10873036	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/157064	Vendor Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:tivoli_storage_productivity_center::::::::

History

09 Dec 2022, 18:34

Type	Values Removed	Values Added
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/157064 - VDB Entry, Vendor Advisory~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/157064 - Vendor Advisory, VDB Entry

Information

Published : 2019-05-09 15:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-4072

Mitre link : CVE-2019-4072

CVE.ORG link : CVE-2019-4072

JSON object : View

Products Affected

ibm

tivoli_storage_productivity_center
spectrum_control

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2019-4072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2019-05-09T15:29:04.793", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064", "tags": ["Vendor Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."}, {"lang": "es", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition versi\u00f3n 5.2.1 hasta la versi\u00f3n 5.2.17), permite a los usuarios permanecer inactivos dentro de la aplicaci\u00f3n, incluso cuando un usuario ha cerrado la sesi\u00f3n. Utilizando el bot\u00f3n back de la aplicaci\u00f3n, los usuarios pueden permanecer conectados como el usuario actual durante un corto per\u00edodo de tiempo, por lo tanto a los usuarios se les presenta informaci\u00f3n de Spectrum Control Application. ID de IBM X-Force: 157064."}], "lastModified": "2022-12-09T18:34:12.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D339C119-A10F-4238-B857-CD728614EDB4", "versionEndIncluding": "5.2.17.2", "versionStartIncluding": "5.2.8"}, {"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9FEBFCA-CBA5-49CF-B242-EA642C02712A", "versionEndIncluding": "5.3.1", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_productivity_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B241C479-3E3E-4248-BFF7-B92CE300537A", "versionEndIncluding": "5.2.7.1", "versionStartIncluding": "5.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}