admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-13 15:06:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3140

Browse Source 
Auto-merge PR#3140
This commit is contained in:
CVE Team 2020-01-27 13:50:18 -05:00 committed by GitHub
commit 3c39dfa28a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 121 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
2019/11xxx/CVE-2019-11288.json
View File

@ -3,16 +3,134 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-01-15T00:00:00.000Z",
"ID": "CVE-2019-11288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal tc Server 4.x",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "Pivotal tc Server 3.x",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "3.2.19"
}
]
}
},
{
"product_name": "Pivotal tc Server 4.x Runtimes",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "7.x",
"version_value": "7.0.99.B"
},
{
"affected": "<",
"version_name": "8.x",
"version_value": "8.5.47.A"
},
{
"affected": "<",
"version_name": "9.x",
"version_value": "9.0.27.A"
}
]
}
},
{
"product_name": "Pivotal tc Server 3.x Runtimes",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "7.x",
"version_value": "7.0.99.B"
},
{
"affected": "<",
"version_name": "8.x",
"version_value": "8.5.47.A"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11288",
"name": "https://pivotal.io/security/cve-2019-11288"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}