VAR-201909-0009

Vulnerability from variot - Updated: 2023-12-18 13:56

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0009",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "water operations for waternamics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.1.0"
      },
      {
        "model": "water operations for waternamics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.2.1.1"
      },
      {
        "model": "intelligent operations center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.2.0"
      },
      {
        "model": "intelligent operations center for emergency management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.1.0.6"
      },
      {
        "model": "intelligent operations center for emergency management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.1.0"
      },
      {
        "model": "intelligent operations center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "5.1.0"
      },
      {
        "model": "intelligent operations center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.0 to  5.2.0"
      },
      {
        "model": "intelligent operations center for emergency management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.0 to  5.1.0.6"
      },
      {
        "model": "water operations for waternamics",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.1.0 to  5.2.1.1"
      },
      {
        "model": "intelligent operations center",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5.1.0,\u003c=5.2.0"
      },
      {
        "model": "intelligent operations center for emergency management",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5.1.0,\u003c=5.1.0.6"
      },
      {
        "model": "water operations for waternamics",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5.1.0,\u003c=5.2.1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.0",
                "versionStartIncluding": "5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center_for_emergency_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.0.6",
                "versionStartIncluding": "5.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:water_operations_for_waternamics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.1.1",
                "versionStartIncluding": "5.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      }
    ]
  },
  "cve": "CVE-2019-4321",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-4321",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-30483",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@us.ibm.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-4321",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-4321",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@us.ibm.com",
            "id": "CVE-2019-4321",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-30483",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-2278",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-4321",
        "trust": 3.0
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3312",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "id": "VAR-201909-0009",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:56:33.678000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "885901",
        "trust": 0.8,
        "url": "https://www.ibm.com/support/pages/security-bulletin-password-vulnerability-ibm%c2%ae-intelligent-operations-center-cve-2019-4321"
      },
      {
        "title": "ibm-ioc-cve20194321-info-disc (161201)",
        "trust": 0.8,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
      },
      {
        "title": "Patch for IBM Intelligent Operations Center and IBM Water Operations for Waternamics weak password vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/179007"
      },
      {
        "title": "IBM Intelligent Operations Center  and IBM Water Operations for Waternamics Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97786"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-521",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4321"
      },
      {
        "trust": 1.2,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3312/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4321"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "date": "2019-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "date": "2019-09-05T15:15:13.063000",
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "date": "2019-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-30483"
      },
      {
        "date": "2019-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      },
      {
        "date": "2022-12-02T22:22:35.133000",
        "db": "NVD",
        "id": "CVE-2019-4321"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  IBM Vulnerabilities related to certificate and password management in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008846"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-2278"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…