{"containers": {"cna": {"affected": [{"product": "Spectrum Control Standard Edition", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.2.1"}, {"status": "affected", "version": "5.2.8"}, {"status": "affected", "version": "5.2.11"}, {"status": "affected", "version": "5.2.12"}, {"status": "affected", "version": "5.2.13"}, {"status": "affected", "version": "5.2.14"}, {"status": "affected", "version": "5.2.15"}, {"status": "affected", "version": "5.2.16"}, {"status": "affected", "version": "5.2.10.1"}, {"status": "affected", "version": "5.2.15.2"}, {"status": "affected", "version": "5.2.17.0"}, {"status": "affected", "version": "5.2.17.1"}]}], "datePublic": "2019-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/S:U/AV:N/A:L/C:L/PR:H/UI:N/I:L/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-09T15:10:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036"}, {"name": "ibm-tivoli-cve20194072-session-fixation (157064)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-07T00:00:00", "ID": "CVE-2019-4072", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Control Standard Edition", "version": {"version_data": [{"version_value": "5.2.1"}, {"version_value": "5.2.8"}, {"version_value": "5.2.11"}, {"version_value": "5.2.12"}, {"version_value": "5.2.13"}, {"version_value": "5.2.14"}, {"version_value": "5.2.15"}, {"version_value": "5.2.16"}, {"version_value": "5.2.10.1"}, {"version_value": "5.2.15.2"}, {"version_value": "5.2.17.0"}, {"version_value": "5.2.17.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ibm10873036", "refsource": "CONFIRM", "title": "IBM Security Bulletin 873036 (Spectrum Control Standard Edition)", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036"}, {"name": "ibm-tivoli-cve20194072-session-fixation (157064)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:26:27.999Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036"}, {"name": "ibm-tivoli-cve20194072-session-fixation (157064)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4072", "datePublished": "2019-05-09T15:10:15.606778Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:08:21.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "D339C119-A10F-4238-B857-CD728614EDB4", "versionEndIncluding": "5.2.17.2", "versionStartIncluding": "5.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FEBFCA-CBA5-49CF-B242-EA642C02712A", "versionEndIncluding": "5.3.1", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_productivity_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "B241C479-3E3E-4248-BFF7-B92CE300537A", "versionEndIncluding": "5.2.7.1", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064."}, {"lang": "es", "value": "IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition versi\u00f3n 5.2.1 hasta la versi\u00f3n 5.2.17), permite a los usuarios permanecer inactivos dentro de la aplicaci\u00f3n, incluso cuando un usuario ha cerrado la sesi\u00f3n. Utilizando el bot\u00f3n back de la aplicaci\u00f3n, los usuarios pueden permanecer conectados como el usuario actual durante un corto per\u00edodo de tiempo, por lo tanto a los usuarios se les presenta informaci\u00f3n de Spectrum Control Application. ID de IBM X-Force: 157064."}], "id": "CVE-2019-4072", "lastModified": "2024-11-21T04:43:07.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-09T15:29:04.793", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10873036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157064"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}