Vulnerability Details : CVE-2019-4257
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.
Vulnerability category: Information leak
Products affected by CVE-2019-4257
- cpe:2.3:a:ibm:infosphere_information_governance_catalog:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_governance_catalog:11.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_analyzer:11.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_information_analyzer:11.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4257
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4257
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
IBM Corporation | |
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2019-4257
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4257
-
https://www.ibm.com/support/docview.wss?uid=ibm10882478
IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerabilityPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/159945
IBM InfoSphere Information Server information disclosure CVE-2019-4257 Vulnerability ReportVDB Entry;Vendor Advisory
Jump to