Sign-up

ID

VAR-201905-0005


CVE

CVE-2019-4293


TITLE

IBM Storwize V7000 Unified Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-14804 // CNNVD: CNNVD-201905-795

DESCRIPTION

IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699. IBM Storwize V7000 Unified Contains an information disclosure vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 160699 It is released as.Information may be obtained. IBMStorwizeV7000Unified is a virtualized storage device from IBM Corporation of the United States. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks

Trust: 2.43

sources: NVD: CVE-2019-4293 // JVNDB: JVNDB-2019-004680 // CNVD: CNVD-2019-14804 // BID: 108445

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14804

AFFECTED PRODUCTS

vendor:ibmmodel:storwize unified v7000 softwarescope:gteversion:1.6.0.0

Trust: 1.0

vendor:ibmmodel:storwize unified v7000 softwarescope:lteversion:1.6.2.5

Trust: 1.0

vendor:ibmmodel:storwize v7000 unified softwarescope:eqversion:(2073) 1.6

Trust: 0.8

vendor:ibmmodel:storwize unifiedscope:eqversion:v7000>=1.6.0.0<=1.6.2.5

Trust: 0.6

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.2.5

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.2.4

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.2.3

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.2.0

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.1.0

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.0.1

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.6.0.0

Trust: 0.3

vendor:ibmmodel:storwize unifiedscope:neversion:v70001.6.2.6

Trust: 0.3

sources: CNVD: CNVD-2019-14804 // BID: 108445 // JVNDB: JVNDB-2019-004680 // NVD: CVE-2019-4293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-4293
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2019-4293
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-4293
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-14804
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-795
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-4293
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14804
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@us.ibm.com: CVE-2019-4293
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-4293
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-14804 // JVNDB: JVNDB-2019-004680 // CNNVD: CNNVD-201905-795 // NVD: CVE-2019-4293 // NVD: CVE-2019-4293

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-004680 // NVD: CVE-2019-4293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-795

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-795

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004680

PATCH
title:0884656url:https://www.ibm.com/support/docview.wss?uid=ibm10884656
Trust: 0.8
title:ibm-storwize-cve20194293-info-disc (160699)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/160699
Trust: 0.8
title:IBM StorwizeV7000Unified Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/161719
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-14804 // 
            
            
            
            JVNDB: JVNDB-2019-004680

EXTERNAL IDS
db:NVDid:CVE-2019-4293
Trust: 3.3
db:BIDid:108445
Trust: 1.9
db:JVNDBid:JVNDB-2019-004680
Trust: 0.8
db:CNVDid:CNVD-2019-14804
Trust: 0.6
db:AUSCERTid:ESB-2019.1802
Trust: 0.6
db:CNNVDid:CNNVD-201905-795
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-14804 // 
            
            
            
            BID: 108445 // 
            
            
            
            JVNDB: JVNDB-2019-004680 // 
            
            
            
            CNNVD: CNNVD-201905-795 // 
            
            
            
            NVD: CVE-2019-4293

REFERENCES
url:http://www.securityfocus.com/bid/108445
Trust: 2.2
url:https://www.ibm.com/support/docview.wss?uid=ibm10884656
Trust: 2.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/160699
Trust: 1.6
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10884656
Trust: 1.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-4293
Trust: 1.4
url:http://www.ibm.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4293
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.1802/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-14804 // 
            
            
            
            BID: 108445 // 
            
            
            
            JVNDB: JVNDB-2019-004680 // 
            
            
            
            CNNVD: CNNVD-201905-795 // 
            
            
            
            NVD: CVE-2019-4293

CREDITS
IBM
Trust: 0.9
sources:
            
            
            BID: 108445 // 
            
            
            
            CNNVD: CNNVD-201905-795

SOURCES
db:CNVDid:CNVD-2019-14804
db:BIDid:108445
db:JVNDBid:JVNDB-2019-004680
db:CNNVDid:CNNVD-201905-795
db:NVDid:CVE-2019-4293

LAST UPDATE DATE
2024-11-23T22:30:02.554000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-14804date:2019-05-21T00:00:00
db:BIDid:108445date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-004680date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-795date:2020-08-25T00:00:00
db:NVDid:CVE-2019-4293date:2024-11-21T04:43:26.020

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-14804date:2019-05-20T00:00:00
db:BIDid:108445date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2019-004680date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-795date:2019-05-17T00:00:00
db:NVDid:CVE-2019-4293date:2019-05-20T18:29:00.503