cvelist/2019/18xxx/CVE-2019-18284.json

{
    "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-18284",
        "STATE": "PUBLIC"
    },
    "data_format": "MITRE",
    "data_version": "4.0",
    "data_type": "CVE",
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Siemens AG",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "SPPA-T3000 Application Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-287: Improper Authentication"
                    }
                ]
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An\nattacker can use methods exposed via this interface to receive password hashes\nof other users and to change user passwords.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.  \n"
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
            }
        ]
    }
}
Siemens CVE update for Siemens-AD-2019-12 2019-12-12 16:22:36 +01:00			`{`
			`"CVE_data_meta": {`
			`"ASSIGNER": "productcert@siemens.com",`
			`"ID": "CVE-2019-18284",`
			`"STATE": "PUBLIC"`
			`},`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Siemens AG",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "SPPA-T3000 Application Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-287: Improper Authentication"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An\nattacker can use methods exposed via this interface to receive password hashes\nof other users and to change user passwords.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"`
			`}`
			`]`
			`}`
			`}`