admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-76xx/CVE-2019-7667.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

129 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-7667",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-01T19:15:11.570",
"lastModified": "2022-10-21T19:41:33.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system."
},
{
"lang": "es",
"value": "Prima Systems FlexAir, en la version 2.3.38 y anteriores. La aplicaci\u00f3n genera archivos de respaldo de la base de datos con un nombre predecible, y un atacante puede forzar para identificar el nombre del archivo de respaldo de la base de datos. Un actor malintencionado puede explotar este problema para descargar el archivo de la base de datos y divulgar informaci\u00f3n de inicio de sesi\u00f3n, lo que puede permitir al atacante omitir la autenticaci\u00f3n y tener acceso completo al sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.3.38",
"matchCriteriaId": "175CBF56-BD66-48B3-A3AC-25B4FCD4F601"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://applied-risk.com/labs/advisories",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.applied-risk.com/resources/ar-2019-007",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink