Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for water_operations_for_waternamics by ibm

    CVE-2020-4318 (GCVE-0-2020-4318)

    Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253297"
              },
              {
                "name": "ibm-ioc-cve20204318-xss (177356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253297"
            },
            {
              "name": "ibm-ioc-cve20204318-xss (177356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253297",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
                  "url": "https://www.ibm.com/support/pages/node/6253297"
                },
                {
                  "name": "ibm-ioc-cve20204318-xss (177356)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4318",
        "datePublished": "2020-07-28T12:05:26.224Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:15.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4317 (GCVE-0-2020-4317)

    Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253295"
              },
              {
                "name": "ibm-ioc-cve20204317-xss (177355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253295"
            },
            {
              "name": "ibm-ioc-cve20204317-xss (177355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253295",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
                  "url": "https://www.ibm.com/support/pages/node/6253295"
                },
                {
                  "name": "ibm-ioc-cve20204317-xss (177355)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4317",
        "datePublished": "2020-07-28T12:05:25.765Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:16.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4321 (GCVE-0-2019-4321)

    Vulnerability from nvd – Published: 2019-09-05 14:50 – Updated: 2024-09-16 20:11
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
              },
              {
                "name": "ibm-ioc-cve20194321-info-disc (161201)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/AV:N/AC:H/C:H/S:U/A:N/PR:N/I:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T14:50:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
            },
            {
              "name": "ibm-ioc-cve20194321-info-disc (161201)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-30T00:00:00",
              "ID": "CVE-2019-4321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885901 (Intelligent Operations Center)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
                },
                {
                  "name": "ibm-ioc-cve20194321-info-disc (161201)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4321",
        "datePublished": "2019-09-05T14:50:15.636Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:11:57.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4420 (GCVE-0-2019-4420)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:35
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
              },
              {
                "name": "ibm-ioc-cve20194420-info-disc (162738)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:L/C:H/A:N/UI:N/I:N/PR:N/S:U/AV:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
            },
            {
              "name": "ibm-ioc-cve20194420-info-disc (162738)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-05T00:00:00",
              "ID": "CVE-2019-4420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10956429",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 956429 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
                },
                {
                  "name": "ibm-ioc-cve20194420-info-disc (162738)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4420",
        "datePublished": "2019-08-20T18:25:26.760Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:35:38.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4419 (GCVE-0-2019-4419)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-16 16:38
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
              },
              {
                "name": "ibm-ioc-cve20194419-xxe (162737)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/C:H/AC:L/AV:N/S:U/I:N/PR:L/UI:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
            },
            {
              "name": "ibm-ioc-cve20194419-xxe (162737)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-05T00:00:00",
              "ID": "CVE-2019-4419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10956433",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 956433 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
                },
                {
                  "name": "ibm-ioc-cve20194419-xxe (162737)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4419",
        "datePublished": "2019-08-20T18:25:26.712Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:37.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4070 (GCVE-0-2019-4070)

    Vulnerability from nvd – Published: 2019-06-07 14:40 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
              },
              {
                "name": "ibm-ioc-cve20194070-xss (157015)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/S:C/A:N/AV:N/PR:L/C:L/UI:R/AC:L/I:L/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
            },
            {
              "name": "ibm-ioc-cve20194070-xss (157015)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879943",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879943 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
                },
                {
                  "name": "ibm-ioc-cve20194070-xss (157015)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4070",
        "datePublished": "2019-06-07T14:40:19.677Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:24.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4069 (GCVE-0-2019-4069)

    Vulnerability from nvd – Published: 2019-06-07 14:40 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
              },
              {
                "name": "ibm-ioc-cve20194069-file-upload (157014)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:H/S:U/C:H/AC:L/UI:R/AV:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
            },
            {
              "name": "ibm-ioc-cve20194069-file-upload (157014)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879953",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879953 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
                },
                {
                  "name": "ibm-ioc-cve20194069-file-upload (157014)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4069",
        "datePublished": "2019-06-07T14:40:19.638Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:01.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4068 (GCVE-0-2019-4068)

    Vulnerability from nvd – Published: 2019-06-07 14:40 – Updated: 2024-09-16 23:55
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
              },
              {
                "name": "ibm-ioc-cve20194068-info-disc (157013)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/AC:H/UI:N/C:H/S:U/A:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
            },
            {
              "name": "ibm-ioc-cve20194068-info-disc (157013)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880229",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880229 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
                },
                {
                  "name": "ibm-ioc-cve20194068-info-disc (157013)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4068",
        "datePublished": "2019-06-07T14:40:19.598Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:55:59.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4067 (GCVE-0-2019-4067)

    Vulnerability from nvd – Published: 2019-06-07 14:40 – Updated: 2024-09-16 17:24
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
              },
              {
                "name": "ibm-ioc-cve20194067-info-disc (157012)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/UI:N/AC:H/C:H/S:U/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
            },
            {
              "name": "ibm-ioc-cve20194067-info-disc (157012)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880213",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880213 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
                },
                {
                  "name": "ibm-ioc-cve20194067-info-disc (157012)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4067",
        "datePublished": "2019-06-07T14:40:19.556Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:24:10.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4066 (GCVE-0-2019-4066)

    Vulnerability from nvd – Published: 2019-06-07 14:40 – Updated: 2024-09-17 03:12
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
              },
              {
                "name": "ibm-ioc-cve20194066-create-user (157011)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:H/AV:N/PR:L/AC:L/UI:N/C:H/I:H/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
            },
            {
              "name": "ibm-ioc-cve20194066-create-user (157011)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4066",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879381",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879381 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
                },
                {
                  "name": "ibm-ioc-cve20194066-create-user (157011)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4066",
        "datePublished": "2019-06-07T14:40:19.505Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:12:30.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4318 (GCVE-0-2020-4318)

    Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253297"
              },
              {
                "name": "ibm-ioc-cve20204318-xss (177356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253297"
            },
            {
              "name": "ibm-ioc-cve20204318-xss (177356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253297",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
                  "url": "https://www.ibm.com/support/pages/node/6253297"
                },
                {
                  "name": "ibm-ioc-cve20204318-xss (177356)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4318",
        "datePublished": "2020-07-28T12:05:26.224Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:15.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4317 (GCVE-0-2020-4317)

    Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253295"
              },
              {
                "name": "ibm-ioc-cve20204317-xss (177355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253295"
            },
            {
              "name": "ibm-ioc-cve20204317-xss (177355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253295",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
                  "url": "https://www.ibm.com/support/pages/node/6253295"
                },
                {
                  "name": "ibm-ioc-cve20204317-xss (177355)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4317",
        "datePublished": "2020-07-28T12:05:25.765Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:16.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4321 (GCVE-0-2019-4321)

    Vulnerability from cvelistv5 – Published: 2019-09-05 14:50 – Updated: 2024-09-16 20:11
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
              },
              {
                "name": "ibm-ioc-cve20194321-info-disc (161201)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/AV:N/AC:H/C:H/S:U/A:N/PR:N/I:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T14:50:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
            },
            {
              "name": "ibm-ioc-cve20194321-info-disc (161201)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-30T00:00:00",
              "ID": "CVE-2019-4321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885901",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885901 (Intelligent Operations Center)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
                },
                {
                  "name": "ibm-ioc-cve20194321-info-disc (161201)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4321",
        "datePublished": "2019-09-05T14:50:15.636Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:11:57.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4420 (GCVE-0-2019-4420)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:35
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
              },
              {
                "name": "ibm-ioc-cve20194420-info-disc (162738)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AC:L/C:H/A:N/UI:N/I:N/PR:N/S:U/AV:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
            },
            {
              "name": "ibm-ioc-cve20194420-info-disc (162738)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-05T00:00:00",
              "ID": "CVE-2019-4420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10956429",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 956429 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956429"
                },
                {
                  "name": "ibm-ioc-cve20194420-info-disc (162738)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4420",
        "datePublished": "2019-08-20T18:25:26.760Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:35:38.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4419 (GCVE-0-2019-4419)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-16 16:38
    VLAI
    Summary
    IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
              },
              {
                "name": "ibm-ioc-cve20194419-xxe (162737)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/C:H/AC:L/AV:N/S:U/I:N/PR:L/UI:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
            },
            {
              "name": "ibm-ioc-cve20194419-xxe (162737)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-05T00:00:00",
              "ID": "CVE-2019-4419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10956433",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 956433 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10956433"
                },
                {
                  "name": "ibm-ioc-cve20194419-xxe (162737)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162737"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4419",
        "datePublished": "2019-08-20T18:25:26.712Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:38:37.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4070 (GCVE-0-2019-4070)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:40 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
              },
              {
                "name": "ibm-ioc-cve20194070-xss (157015)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/S:C/A:N/AV:N/PR:L/C:L/UI:R/AC:L/I:L/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
            },
            {
              "name": "ibm-ioc-cve20194070-xss (157015)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879943",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879943 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879943"
                },
                {
                  "name": "ibm-ioc-cve20194070-xss (157015)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157015"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4070",
        "datePublished": "2019-06-07T14:40:19.677Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:24.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4069 (GCVE-0-2019-4069)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:40 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
              },
              {
                "name": "ibm-ioc-cve20194069-file-upload (157014)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:H/S:U/C:H/AC:L/UI:R/AV:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
            },
            {
              "name": "ibm-ioc-cve20194069-file-upload (157014)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879953",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879953 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879953"
                },
                {
                  "name": "ibm-ioc-cve20194069-file-upload (157014)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4069",
        "datePublished": "2019-06-07T14:40:19.638Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:01.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4068 (GCVE-0-2019-4068)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:40 – Updated: 2024-09-16 23:55
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
              },
              {
                "name": "ibm-ioc-cve20194068-info-disc (157013)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/AC:H/UI:N/C:H/S:U/A:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
            },
            {
              "name": "ibm-ioc-cve20194068-info-disc (157013)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880229",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880229 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880229"
                },
                {
                  "name": "ibm-ioc-cve20194068-info-disc (157013)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157013"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4068",
        "datePublished": "2019-06-07T14:40:19.598Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:55:59.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4067 (GCVE-0-2019-4067)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:40 – Updated: 2024-09-16 17:24
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
              },
              {
                "name": "ibm-ioc-cve20194067-info-disc (157012)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/UI:N/AC:H/C:H/S:U/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
            },
            {
              "name": "ibm-ioc-cve20194067-info-disc (157012)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880213",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880213 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880213"
                },
                {
                  "name": "ibm-ioc-cve20194067-info-disc (157012)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157012"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4067",
        "datePublished": "2019-06-07T14:40:19.556Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:24:10.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4066 (GCVE-0-2019-4066)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:40 – Updated: 2024-09-17 03:12
    VLAI
    Summary
    IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.1
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.5
    Affected: 5.1.0.6
    Affected: 5.1.0.7
    Affected: 5.1.0.8
    Affected: 5.1.0.9
    Affected: 5.1.0.10
    Affected: 5.1.0.11
    Affected: 5.1.0.12
    Affected: 5.1.0.13
    Affected: 5.1.0.14
    Affected: 5.2.0
    Create a notification for this product.
    Date Public
    2019-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
              },
              {
                "name": "ibm-ioc-cve20194066-create-user (157011)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.11"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.13"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.14"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                }
              ]
            }
          ],
          "datePublic": "2019-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.7,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:H/AV:N/PR:L/AC:L/UI:N/C:H/I:H/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:40:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
            },
            {
              "name": "ibm-ioc-cve20194066-create-user (157011)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-31T00:00:00",
              "ID": "CVE-2019-4066",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.1"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.5"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.1.0.7"
                              },
                              {
                                "version_value": "5.1.0.8"
                              },
                              {
                                "version_value": "5.1.0.9"
                              },
                              {
                                "version_value": "5.1.0.10"
                              },
                              {
                                "version_value": "5.1.0.11"
                              },
                              {
                                "version_value": "5.1.0.12"
                              },
                              {
                                "version_value": "5.1.0.13"
                              },
                              {
                                "version_value": "5.1.0.14"
                              },
                              {
                                "version_value": "5.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10879381",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 879381 (Intelligent Operations Center)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10879381"
                },
                {
                  "name": "ibm-ioc-cve20194066-create-user (157011)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157011"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4066",
        "datePublished": "2019-06-07T14:40:19.505Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:12:30.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }