CVE-2019-4193

Published: Jul 11, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032.

Affected (1)

Products: Ibm: Jazz For Service Management

1 product

Jazz For Service Management

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Jazz For Service Management	From 1.1.3 to 1.1.3.2

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.ibm.com/support/docview.wss?uid=ibm10885985

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/109144

Source: psirt@us.ibm.com

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/159032

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=ibm10885985

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/109144

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/159032

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.