{"api_version":"1","generated_at":"2026-05-14T16:14:04+00:00","cve":"CVE-2019-4562","urls":{"html":"https://cve.report/CVE-2019-4562","api":"https://cve.report/api/cve/CVE-2019-4562.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-4562","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-4562"},"summary":{"title":"CVE-2019-4562","description":"IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2020-02-04 17:15:00","updated_at":"2020-02-04 21:52:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/166623","name":"ibm-sds-cve20194562-info-disc (166623)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ibm.com/support/pages/node/1288660","name":"https://www.ibm.com/support/pages/node/1288660","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-4562","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-4562","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"4562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_directory_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4562","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_directory_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]},"data_format":"MITRE","description":{"description_data":[{"lang":"eng","value":"IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623."}]},"impact":{"cvssv3":{"BM":{"C":"L","UI":"N","PR":"N","S":"U","AV":"N","AC":"H","SCORE":"3.700","I":"N","A":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Security Directory Server","version":{"version_data":[{"version_value":"6.4.0"}]}}]}}]}},"references":{"reference_data":[{"refsource":"CONFIRM","title":"IBM Security Bulletin 1288660 (Security Directory Server)","url":"https://www.ibm.com/support/pages/node/1288660","name":"https://www.ibm.com/support/pages/node/1288660"},{"name":"ibm-sds-cve20194562-info-disc (166623)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/166623"}]},"CVE_data_meta":{"DATE_PUBLIC":"2020-02-03T00:00:00","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC","ID":"CVE-2019-4562"},"data_type":"CVE"},"nvd":{"publishedDate":"2020-02-04 17:15:00","lastModifiedDate":"2020-02-04 21:52:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0.0","versionEndExcluding":"6.4.0.20","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"4562","Ordinal":"142173","Title":"CVE-2019-4562","CVE":"CVE-2019-4562","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"4562","Ordinal":"1","NoteData":"IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"4562","Ordinal":"2","NoteData":"2020-02-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"4562","Ordinal":"3","NoteData":"2020-02-04","Type":"Other","Title":"Modified"}]}}}