Security Bulletin: Cross-site scripting vulnerability in IBM Cloud Pak System (CVE-2019-4098)

CVEID: CVE-2019-4226
DESCRIPTION: IBM PureApplication System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/37ZCKug for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4130
DESCRIPTION: IBM Pure Application System could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVSS Base score: 9
CVSS Temporal Score: See: https://ift.tt/2P9mder for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2019-4465
DESCRIPTION: IBM Platform System Manager in Cloud Pak System allows web pages to be stored locally which can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://ift.tt/2OFwqjT for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4468
DESCRIPTION: IBM Platform System Manager for Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/2OITfTL for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4467
DESCRIPTION: IBM Platform System Manager for Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/2OJlamL for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-5407
DESCRIPTION: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://ift.tt/35TnsFx for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)



from IBM Product Security Incident Response Team https://ift.tt/2LhSuim