{"containers":{"cna":{"affected":[{"product":"PureApplication System","vendor":"IBM","versions":[{"status":"affected","version":"2.2.3.0"},{"status":"affected","version":"2.2.3.1"},{"status":"affected","version":"2.2.3.2"},{"status":"affected","version":"2.2.4.0"},{"status":"affected","version":"2.2.5.0"},{"status":"affected","version":"2.2.5.1"},{"status":"affected","version":"2.2.5.2"},{"status":"affected","version":"2.2.5.3"}]}],"datePublic":"2019-05-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","exploitCodeMaturity":"UNPROVEN","integrityImpact":"LOW","privilegesRequired":"LOW","remediationLevel":"OFFICIAL_FIX","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":3.8,"temporalSeverity":"LOW","userInteraction":"NONE","vectorString":"CVSS:3.0/C:N/AV:N/S:U/PR:L/A:N/AC:L/I:L/UI:N/RC:C/E:U/RL:O","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Gain Access","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-06-26T14:35:17.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"},{"name":"ibm-pure-cve20194234-gain-access (159416)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2019-05-31T00:00:00","ID":"CVE-2019-4234","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PureApplication System","version":{"version_data":[{"version_value":"2.2.3.0"},{"version_value":"2.2.3.1"},{"version_value":"2.2.3.2"},{"version_value":"2.2.4.0"},{"version_value":"2.2.5.0"},{"version_value":"2.2.5.1"},{"version_value":"2.2.5.2"},{"version_value":"2.2.5.3"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"L","AV":"N","C":"N","I":"L","PR":"L","S":"U","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Gain Access"}]}]},"references":{"reference_data":[{"name":"https://www-01.ibm.com/support/docview.wss?uid=ibm10885602","refsource":"CONFIRM","title":"IBM Security Bulletin 885602 (PureApplication System)","url":"https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"},{"name":"ibm-pure-cve20194234-gain-access (159416)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T19:33:36.908Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www-01.ibm.com/support/docview.wss?uid=ibm10885602"},{"name":"ibm-pure-cve20194234-gain-access (159416)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/159416"}]}]},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2019-4234","datePublished":"2019-06-26T14:35:18.000Z","dateReserved":"2019-01-03T00:00:00.000Z","dateUpdated":"2024-09-16T16:48:14.124Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}