CVE-2019-4271 - OpenCVE

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Application Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_application_server::::::::
	cpe:2.3:a:ibm:websphere_application_server::::::::
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/160243
https://www.ibm.com/support/pages/node/884040

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2019-09-17T19:05:23.980894Z

Updated: 2024-09-17T01:26:25.571Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-4271

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-17T19:15:11.257

Modified: 2022-12-09T18:47:23.517

Link: CVE-2019-4271

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WebSphere Application Server", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.0"}, {"status": "affected", "version": "8.0"}, {"status": "affected", "version": "8.5"}, {"status": "affected", "version": "9.0"}]}], "datePublic": "2019-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.1, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/S:U/AV:N/C:N/PR:L/I:L/UI:R/A:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-17T19:05:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/884040"}, {"name": "ibm-websphere-cve20194271-http-pollution (160243)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-09-03T00:00:00", "ID": "CVE-2019-4271", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WebSphere Application Server", "version": {"version_data": [{"version_value": "7.0"}, {"version_value": "8.0"}, {"version_value": "8.5"}, {"version_value": "9.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/884040", "refsource": "CONFIRM", "title": "IBM Security Bulletin 884040 (WebSphere Application Server)", "url": "https://www.ibm.com/support/pages/node/884040"}, {"name": "ibm-websphere-cve20194271-http-pollution (160243)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:33:37.763Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/884040"}, {"name": "ibm-websphere-cve20194271-http-pollution (160243)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4271", "datePublished": "2019-09-17T19:05:23.980894Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:26:25.571Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "54B2BE18-F414-4D47-945F-71FCD037A47D", "versionEndIncluding": "8.5.5.15", "versionStartIncluding": "8.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "69DD41EE-361C-4B7E-80C0-6C2FEC2C4056", "versionEndIncluding": "9.0.0.11", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FAC5F6C-D589-4337-88AD-4693AE953D9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243."}, {"lang": "es", "value": "La consola de administraci\u00f3n de IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es susceptible a una vulnerabilidad de contaminaci\u00f3n de par\u00e1metros HTTP del lado del cliente. ID de IBM X-Force: 160243."}], "id": "CVE-2019-4271", "lastModified": "2022-12-09T18:47:23.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-17T19:15:11.257", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160243"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/884040"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}