{"api_version":"1","generated_at":"2026-05-02T20:59:03+00:00","cve":"CVE-2019-4329","urls":{"html":"https://cve.report/CVE-2019-4329","api":"https://cve.report/api/cve/CVE-2019-4329.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-4329","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-4329"},"summary":{"title":"CVE-2019-4329","description":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2019-10-29 00:15:00","updated_at":"2022-01-01 20:11:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/1096906","name":"https://www.ibm.com/support/pages/node/1096906","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Hazardous Input Validation vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/161209","name":"ibm-guardium-cve20194329-sec-bypass (161209)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-4329","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-4329","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"4329","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium_big_data_intelligence","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4329","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium_big_data_intelligence","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_format":"MITRE","data_version":"4.0","affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"version":{"version_data":[{"version_value":"4"}]},"product_name":"Security Guardium Big Data Intelligence"}]}}]}},"description":{"description_data":[{"value":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.","lang":"eng"}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/1096906","refsource":"CONFIRM","title":"IBM Security Bulletin 1096906 (Security Guardium Big Data Intelligence)","url":"https://www.ibm.com/support/pages/node/1096906"},{"title":"X-Force Vulnerability Report","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/161209","name":"ibm-guardium-cve20194329-sec-bypass (161209)"}]},"impact":{"cvssv3":{"TM":{"RC":"C","RL":"O","E":"U"},"BM":{"AV":"N","C":"N","UI":"N","A":"N","AC":"L","S":"U","SCORE":"4.300","PR":"L","I":"L"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Bypass Security"}]}]},"CVE_data_meta":{"ID":"CVE-2019-4329","DATE_PUBLIC":"2019-10-23T00:00:00","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"data_type":"CVE"},"nvd":{"publishedDate":"2019-10-29 00:15:00","lastModifiedDate":"2022-01-01 20:11:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"4329","Ordinal":"141940","Title":"CVE-2019-4329","CVE":"CVE-2019-4329","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"4329","Ordinal":"1","NoteData":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"4329","Ordinal":"2","NoteData":"2019-10-28","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"4329","Ordinal":"3","NoteData":"2019-10-28","Type":"Other","Title":"Modified"}]}}}