Vulnerabilities > CVE-2019-4381 - Credentials Management vulnerability in IBM I 7.2/7.3

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-255

NVD

Published: 2019-06-14

Updated: 2023-03-02

Summary

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM I 7.2 IBM I 7.3	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://www.ibm.com/support/docview.wss?uid=ibm10887369
https://exchange.xforce.ibmcloud.com/vulnerabilities/162159
http://www.securityfocus.com/bid/108808