CVE-2019-4130: Malicious File Upload

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2019-4130.

Q: What is the severity of CVE-2019-4130?

The severity of CVE-2019-4130 is critical.

Q: How does CVE-2019-4130 affect IBM Cloud Pak System?

CVE-2019-4130 affects IBM Cloud Pak System versions 2.2.5 - 2.2.6 and versions 2.3, 2.3.0.1.

Q: What is the impact of CVE-2019-4130?

CVE-2019-4130 allows a remote attacker to upload arbitrary files and execute arbitrary code on the vulnerable server.

Q: Is there a fix for CVE-2019-4130?

Yes, IBM has provided a fix for CVE-2019-4130. Please refer to the official IBM support page for more information.

Published Dec 2, 2019

Updated

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

Other sources

IBM Pure Application System could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

Affected Software

4 affected components

IBM Cloud Pak System=2.3

IBM Cloud Pak System=2.3.0.1

IBM Cloud Pak System<=2.2.5 - 2.2.6

IBM Cloud Pak System<=2.3, 2.3.0.1

Remediation

Patch Available

https://www.ibm.com/support/pages/node/1118487

Event History

Dec 2, 2019

CVE Published

via IBM·12:00 AM

Dec 3, 2019

CVE Published

via MITRE·02:55 PM

Data Sourced

via MITRE·02:55 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-1118487

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2019-4130.

What is the severity of CVE-2019-4130?