CVE-2019-4071 - OpenCVE

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Spectrum Control Tivoli Storage Productivity Center

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:spectrum_control::::::::
	cpe:2.3:a:ibm:tivoli_storage_productivity_center::::::::

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ibm10872900
https://exchange.xforce.ibmcloud.com/vulnerabilities/157063

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2019-05-09T15:10:15.559296Z

Updated: 2024-09-16T22:40:47.327Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4071

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-05-09T15:29:04.667

Modified: 2022-12-09T18:22:49.597

Link: CVE-2019-4071

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Control Standard Edition", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.2.1"}, {"status": "affected", "version": "5.2.8"}, {"status": "affected", "version": "5.2.11"}, {"status": "affected", "version": "5.2.12"}, {"status": "affected", "version": "5.2.13"}, {"status": "affected", "version": "5.2.14"}, {"status": "affected", "version": "5.2.15"}, {"status": "affected", "version": "5.2.16"}, {"status": "affected", "version": "5.2.10.1"}, {"status": "affected", "version": "5.2.15.2"}, {"status": "affected", "version": "5.2.17.0"}, {"status": "affected", "version": "5.2.17.1"}]}], "datePublic": "2019-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.9, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:H/PR:H/UI:R/AV:N/S:U/C:H/A:H/AC:L/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-09T15:10:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872900"}, {"name": "ibm-tivoli-cve20194071-csv-injection (157063)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-07T00:00:00", "ID": "CVE-2019-4071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Control Standard Edition", "version": {"version_data": [{"version_value": "5.2.1"}, {"version_value": "5.2.8"}, {"version_value": "5.2.11"}, {"version_value": "5.2.12"}, {"version_value": "5.2.13"}, {"version_value": "5.2.14"}, {"version_value": "5.2.15"}, {"version_value": "5.2.16"}, {"version_value": "5.2.10.1"}, {"version_value": "5.2.15.2"}, {"version_value": "5.2.17.0"}, {"version_value": "5.2.17.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "H", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ibm10872900", "refsource": "CONFIRM", "title": "IBM Security Bulletin 872900 (Spectrum Control Standard Edition)", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872900"}, {"name": "ibm-tivoli-cve20194071-csv-injection (157063)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:26:27.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872900"}, {"name": "ibm-tivoli-cve20194071-csv-injection (157063)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4071", "datePublished": "2019-05-09T15:10:15.559296Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:40:47.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "D339C119-A10F-4238-B857-CD728614EDB4", "versionEndIncluding": "5.2.17.2", "versionStartIncluding": "5.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FEBFCA-CBA5-49CF-B242-EA642C02712A", "versionEndIncluding": "5.3.1", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_productivity_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "B241C479-3E3E-4248-BFF7-B92CE300537A", "versionEndIncluding": "5.2.7.1", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063."}, {"lang": "es", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition, versiones desde 5.2.1 hasta 5.2.17) podr\u00eda permitir a un atacante remoto ejecutar comandos arbitrarios en el sistema, causados por una validaci\u00f3n incorrecta del contenido del archivo csv. IBM X-Force ID: 157063."}], "id": "CVE-2019-4071", "lastModified": "2022-12-09T18:22:49.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-09T15:29:04.667", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872900"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157063"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "nvd@nist.gov", "type": "Primary"}]}