{
"id": "CVE-2019-18283",
"sourceIdentifier": "productcert@siemens.com",
"published": "2019-12-12T19:15:15.437",
"lastModified": "2022-03-04T20:51:02.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SPPA-T3000 Application Server (Todas las versiones anteriores a la versi\u00f3n Service Pack R8.2 SP2). El AdminService est\u00e1 disponible sin autenticaci\u00f3n en Application Server. Un atacante puede obtener la ejecuci\u00f3n remota de c\u00f3digo enviando objetos espec\u00edficamente dise\u00f1ados a una de sus funciones. Tenga en cuenta que un atacante necesita tener acceso a Application Highway para poder explotar esta vulnerabilidad. En el momento de la publicaci\u00f3n del aviso no se conoc\u00eda ninguna explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sppa-t3000_application_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r8.2",
"matchCriteriaId": "5CE233B0-3F20-4FA8-8E26-CCC3E21E49E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sppa-t3000_application_server:r8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "4EBA7673-3A24-4DF7-9D9C-4B863863083C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sppa-t3000_application_server:r8.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0975E8C-C34F-4BD2-B4CF-41E5FBFD8A12"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html",
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}