admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-112xx/CVE-2019-11275.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

204 lines
7.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-11275",
"sourceIdentifier": "security@pivotal.io",
"published": "2019-10-01T15:15:11.650",
"lastModified": "2020-10-16T13:17:34.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
},
{
"lang": "es",
"value": "Pivotal Application Manager, versiones 666.0.x anteriores a 666.0.36, versiones 667.0.x anteriores a 667.0.22, versiones 668.0.x anteriores a 668.0.21, versiones 669.0.x anteriores a 669.0.13 y versiones 670.0.x anteriores a 670.0.7, contienen una vulnerabilidad donde un usuario autenticado remoto puede crear una aplicaci\u00f3n con un nombre tal que un programa csv pueda interpretar en una f\u00f3rmula y ser ejecutado. El usuario malicioso puede conseguir acceso a un reporte de uso que requiere un mayor privilegio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@pivotal.io",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
},
{
"source": "security@pivotal.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:apps_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "666.0.0",
"versionEndExcluding": "666.0.36",
"matchCriteriaId": "D44F12A8-BB85-4F47-9422-0C5070B1554B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:apps_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "667.0.0",
"versionEndExcluding": "667.0.22",
"matchCriteriaId": "279FE72A-4CD1-436D-A069-FAB0A70166DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:apps_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "668.0.0",
"versionEndExcluding": "668.0.21",
"matchCriteriaId": "CFC5E0B9-2897-432B-9972-7C66372E7998"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:apps_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "669.0.0",
"versionEndExcluding": "669.0.13",
"matchCriteriaId": "FFBF0CCE-5C54-4DBA-A784-054ED1FEE142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal:apps_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "670.0.0",
"versionEndExcluding": "670.0.7",
"matchCriteriaId": "6D0D669E-2444-43F3-B3FA-1BEB3AF063D1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndIncluding": "2.3.18",
"matchCriteriaId": "B355FF03-4AEE-46CF-A357-60E28D6BE1C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndIncluding": "2.4.14",
"matchCriteriaId": "799BBFDE-7A92-4976-B823-F06D37D27312"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndIncluding": "2.5.1",
"matchCriteriaId": "8198778A-7E47-4927-83FB-3C52F8C8EC8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndIncluding": "2.6.5",
"matchCriteriaId": "828C8237-0F42-46F0-BC25-C232016A8B93"
}
]
}
]
}
],
"references": [
{
"url": "https://pivotal.io/security/cve-2019-11275",
"source": "security@pivotal.io",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink