{
"id": "CVE-2019-8385",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-05T19:29:00.483",
"lastModified": "2019-06-06T23:33:21.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \\.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution."
},
{
"lang": "es",
"value": "Fue encontrado un problema en Thomson Reuters Desktop Extensions versi\u00f3n 1.9.0.358. Una vulnerabilidad no autenticada de salto de directorios y de inclusi\u00f3n de archivo local en los archivos ThomsonReuters.Desktop.Service.exe y ThomsonReuters.Desktop.exe permite que un atacante remoto liste o enumere los contenidos confidenciales de los archivos por medio de un \\.. hacia el puerto 6677. Adem\u00e1s, esto podr\u00eda permitir una escalada de privilegios volcando los archivos de la base de datos SAM y SYSTEM de la m\u00e1quina afectada, as\u00ed como la ejecuci\u00f3n de c\u00f3digo remota."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thomsonreuters:concourse_matter_room:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.0098",
"matchCriteriaId": "F4AD22E4-8547-4106-96DD-0B0C88BC4F31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thomsonreuters:firm_central_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.0098",
"matchCriteriaId": "4A37DC7F-5488-48B0-9D2B-E8236918E896"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/152298/Thomson-Reuters-Concourse-And-Firm-Central-Local-File-Inclusion-Directory-Traversal.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.thomsonreuters.com/en/products-services.html",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}