Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
CVEID: CVE-2019-4226
DESCRIPTION: IBM PureApplication System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/37ZCKug for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4130
DESCRIPTION: IBM Pure Application System could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVSS Base score: 9
CVSS Temporal Score: See: https://ift.tt/2P9mder for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2019-4465
DESCRIPTION: IBM Platform System Manager in Cloud Pak System allows web pages to be stored locally which can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://ift.tt/2OFwqjT for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4468
DESCRIPTION: IBM Platform System Manager for Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/2OITfTL for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4467
DESCRIPTION: IBM Platform System Manager for Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://ift.tt/2OJlamL for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-5407
DESCRIPTION: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://ift.tt/35TnsFx for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
from IBM Product Security Incident Response Team https://ift.tt/2Rd7nqc