CVE-2019-4038 HIGH

CVE-2019-4038

Vendor Ibm
Product Security Identity Manager
Published February 4, 2019
Last update September 17, 2024

CVSS base score

7.2/10
Attack vector Physical
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/A:H/AC:L/AV:P/C:H/I:H/PR:H/S:C/UI:N/E:U/RC:C/RL:O

What the vulnerability does

01Description

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

Key dates

02Disclosure timeline

February 4, 2019 CVE published
September 17, 2024 Record updated