PT-2019-16982 · IBM · IBM PureApplication System
Published 2019-06-26 · Updated 2022-12-02 · CVE-2019-4234
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM PureApplication System versions 2.2.3.0 through 2.2.5.3
Description
The issue is related to a weakness in the implementation of the locking feature in the pattern editor. An attacker can intercept subsequent requests to bypass business logic, allowing them to modify the pattern to an unlocked state.
Recommendations
For IBM PureApplication System versions 2.2.3.0 through 2.2.5.3, consider restricting access to the pattern editor to minimize the risk of exploitation until a fix is available. As a temporary workaround, disabling the locking feature in the pattern editor may help prevent unauthorized modifications.
Fix
Related Identifiers
Affected Products
IBM PureApplication System