CVE-2019-4038

Published: Feb 4, 2019Modified: Nov 21, 2024

6.2

Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.3 / Impact: 5.9

Source: NVD

Description

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

Affected (2)

Products: Ibm: Security Identity Manager

1 product

Security Identity Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Identity Manager	From 6.0.0.0 to 6.0.0.20
Ibm Security Identity Manager	From 7.0.0.0 to 7.0.1.10

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/156162

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10869604

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/156162

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10869604

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.