Sign-up

ID

VAR-201909-0009


CVE

CVE-2019-4321


TITLE

plural IBM Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008846

DESCRIPTION

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts

Trust: 2.16

sources: NVD: CVE-2019-4321 // JVNDB: JVNDB-2019-008846 // CNVD: CNVD-2019-30483

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-30483

AFFECTED PRODUCTS

vendor:ibmmodel:intelligent operations center for emergency managementscope:gteversion:5.1.0

Trust: 1.0

vendor:ibmmodel:water operations for waternamicsscope:lteversion:5.2.1.1

Trust: 1.0

vendor:ibmmodel:intelligent operations center for emergency managementscope:lteversion:5.1.0.6

Trust: 1.0

vendor:ibmmodel:intelligent operations centerscope:gteversion:5.1.0

Trust: 1.0

vendor:ibmmodel:intelligent operations centerscope:lteversion:5.2.0

Trust: 1.0

vendor:ibmmodel:water operations for waternamicsscope:gteversion:5.1.0

Trust: 1.0

vendor:ibmmodel:intelligent operations centerscope:eqversion:5.1.0 to 5.2.0

Trust: 0.8

vendor:ibmmodel:intelligent operations center for emergency managementscope:eqversion:5.1.0 to 5.1.0.6

Trust: 0.8

vendor:ibmmodel:water operations for waternamicsscope:eqversion:5.1.0 to 5.2.1.1

Trust: 0.8

vendor:ibmmodel:intelligent operations centerscope:gteversion:5.1.0,<=5.2.0

Trust: 0.6

vendor:ibmmodel:intelligent operations center for emergency managementscope:gteversion:5.1.0,<=5.1.0.6

Trust: 0.6

vendor:ibmmodel:water operations for waternamicsscope:gteversion:5.1.0,<=5.2.1.1

Trust: 0.6

sources: CNVD: CNVD-2019-30483 // JVNDB: JVNDB-2019-008846 // NVD: CVE-2019-4321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-4321
value: HIGH

Trust: 1.0

psirt@us.ibm.com: CVE-2019-4321
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-4321
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-30483
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-2278
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-4321
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-30483
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-4321
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2019-4321
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-4321
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-30483 // JVNDB: JVNDB-2019-008846 // CNNVD: CNNVD-201908-2278 // NVD: CVE-2019-4321 // NVD: CVE-2019-4321

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2019-008846 // NVD: CVE-2019-4321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2278

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-2278

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008846

PATCH
title:885901url:https://www.ibm.com/support/pages/security-bulletin-password-vulnerability-ibm%C2%AE-intelligent-operations-center-cve-2019-4321
Trust: 0.8
title:ibm-ioc-cve20194321-info-disc (161201)url:https://exchange.xforce.ibmcloud.com/vulnerabilities/161201
Trust: 0.8
title:Patch for IBM Intelligent Operations Center and IBM Water Operations for Waternamics weak password vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/179007
Trust: 0.6
title:IBM Intelligent Operations Center  and IBM Water Operations for Waternamics Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97786
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-30483 // 
            
            
            
            JVNDB: JVNDB-2019-008846 // 
            
            
            
            CNNVD: CNNVD-201908-2278

EXTERNAL IDS
db:NVDid:CVE-2019-4321
Trust: 3.0
db:AUSCERTid:ESB-2019.3312
Trust: 1.2
db:JVNDBid:JVNDB-2019-008846
Trust: 0.8
db:CNVDid:CNVD-2019-30483
Trust: 0.6
db:CNNVDid:CNNVD-201908-2278
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-30483 // 
            
            
            
            JVNDB: JVNDB-2019-008846 // 
            
            
            
            CNNVD: CNNVD-201908-2278 // 
            
            
            
            NVD: CVE-2019-4321

REFERENCES
url:http://www.ibm.com/support/docview.wss?uid=ibm10885901
Trust: 2.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/161201
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-4321
Trust: 1.4
url:https://www.auscert.org.au/bulletins/esb-2019.3312/
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4321
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-30483 // 
            
            
            
            JVNDB: JVNDB-2019-008846 // 
            
            
            
            CNNVD: CNNVD-201908-2278 // 
            
            
            
            NVD: CVE-2019-4321

SOURCES
db:CNVDid:CNVD-2019-30483
db:JVNDBid:JVNDB-2019-008846
db:CNNVDid:CNNVD-201908-2278
db:NVDid:CVE-2019-4321

LAST UPDATE DATE
2024-11-23T22:16:51.020000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-30483date:2019-09-05T00:00:00
db:JVNDBid:JVNDB-2019-008846date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201908-2278date:2020-08-25T00:00:00
db:NVDid:CVE-2019-4321date:2024-11-21T04:43:28.153

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-30483date:2019-09-05T00:00:00
db:JVNDBid:JVNDB-2019-008846date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201908-2278date:2019-08-31T00:00:00
db:NVDid:CVE-2019-4321date:2019-09-05T15:15:13.063