CVE-2019-4234
First published: Wed Jun 26 2019(Updated: )
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM PureApplication System | >=2.2.3.0<=2.2.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-4234?
CVE-2019-4234 has a medium severity rating due to the potential for attackers to bypass business logic.
How do I fix CVE-2019-4234?
To mitigate CVE-2019-4234, upgrade your IBM PureApplication System to version 2.2.6 or higher.
What systems are affected by CVE-2019-4234?
CVE-2019-4234 affects IBM PureApplication System versions 2.2.3.0 through 2.2.5.3.
What type of attack is facilitated by CVE-2019-4234?
CVE-2019-4234 can be exploited through an attack that intercepts requests to modify the locking state of patterns.
Is CVE-2019-4234 easy to exploit?
Exploitation of CVE-2019-4234 requires an attacker to have the ability to intercept requests, which may require specific conditions.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm pureapplication system
- version/ibm pureapplication system/2.2.3.0
- version/ibm pureapplication system/2.2.5.3