admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-139xx/CVE-2019-13931.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

115 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-13931",
"sourceIdentifier": "productcert@siemens.com",
"published": "2019-12-12T19:15:14.827",
"lastModified": "2019-12-19T17:27:23.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en XHQ (Todas las versiones anteriores a V6.0.0.2). La interfaz web podr\u00eda permitir a un atacante crear la entrada de una forma que no es esperada, causando que la aplicaci\u00f3n se comporte de manera inesperada para los usuarios leg\u00edtimos. Una explotaci\u00f3n con \u00e9xito requiere que un atacante se autentique en la interfaz web. Un ataque con \u00e9xito podr\u00eda causar que la aplicaci\u00f3n tenga un comportamiento inesperado. Esto podr\u00eda permitir al atacante modificar el contenido de la aplicaci\u00f3n web. Al momento de la publicaci\u00f3n del aviso, no era conocida la explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:xhq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.0.2",
"matchCriteriaId": "180ADD9E-93A2-44CC-A8BB-AA481EDFFAB8"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf",
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink