CVE-2019-4329 : IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.

Published 2019-10-29 00:15:11

Updated 2022-01-01 20:11:26

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-4329

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-4329

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2019-4329

https://exchange.xforce.ibmcloud.com/vulnerabilities/161209

IBM Security Guardium Big Data Intelligence security bypass CVE-2019-4329 Vulnerability Report
VDB Entry;Vendor Advisory
https://www.ibm.com/support/pages/node/1096906

Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Hazardous Input Validation vulnerability
Patch;Vendor Advisory

Products affected by CVE-2019-4329

IBM » Security Guardium Big Data Intelligence » Version: 4.0
cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2019-4329

Exploit prediction scoring system (EPSS) score for CVE-2019-4329

CVSS scores for CVE-2019-4329

References for CVE-2019-4329

Products affected by CVE-2019-4329