CVE-2019-4329

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/161209	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/1096906	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*

History

01 Jan 2022, 20:11

Type	Values Removed	Values Added
CWE	~~CWE-20~~	NVD-CWE-noinfo

Information

Published : 2019-10-29 00:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-4329

Mitre link : CVE-2019-4329

CVE.ORG link : CVE-2019-4329

JSON object : View

Products Affected

ibm

security_guardium_big_data_intelligence

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-4329", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-10-29T00:15:11.403", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161209", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/1096906", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209."}, {"lang": "es", "value": "IBM Security Guardium Big Data Intelligence (SonarG) versi\u00f3n 4.0, utiliza listas negras incompletas para la comprobaci\u00f3n de entrada lo que permite a atacantes omitir los controles de la aplicaci\u00f3n, resultando en un impacto directo en el sistema y la integridad de los datos. ID de IBM X-Force: 161209."}], "lastModified": "2022-01-01T20:11:26.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5DF1F64-C2BE-4B7A-82B9-B32D304AC739"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}