René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00


{
"id": "CVE-2019-1332",
"sourceIdentifier": "secure@microsoft.com",
"published": "2019-12-10T22:15:15.887",
"lastModified": "2023-02-01T19:39:14.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SQL Server Reporting Services (SSRS) no sanea apropiadamente una petici\u00f3n web especialmente dise\u00f1ada para un servidor SSRS afectado, tambi\u00e9n se conoce como \"Microsoft SQL Server Reporting Services XSS Vulnerability\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_bi_report_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49D6243F-3765-415F-9BDA-D9F8D59ABDE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017_reporting_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7219F3C0-25EE-4739-AE37-DC919E654781"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019_reporting_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AECB3DA-2133-4CD0-9F11-730BAECE5A76"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services",
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}