Vulnerability Details : CVE-2019-4329
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.
Exploit prediction scoring system (EPSS) score for CVE-2019-4329
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 %
CVSS scores for CVE-2019-4329
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | IBM Corporation |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
References for CVE-2019-4329
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161209
  IBM Security Guardium Big Data Intelligence security bypass CVE-2019-4329 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/1096906
  Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Hazardous Input Validation vulnerability (Patch; Vendor Advisory)
Products affected by CVE-2019-4329
- cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*