Ibm: >> Pureapplication System >> 2.2.3.1 Security Vulnerabilities
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
CVSS Score
5.9
EPSS Score
0.002
Published
2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 159240.
CVSS Score
6.3
EPSS Score
0.003
Published
2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
CVSS Score
4.4
EPSS Score
0.0
Published
2019-06-26