cvelistv5 - cve-2019-0102

cve-2019-0102

Vulnerability from cvelistv5

Published

2019-02-18 17:00

Modified

2024-09-16 17:57

Severity ?

Summary

References

URL	Tags
secure@intel.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
secure@intel.com	http://www.securityfocus.com/bid/107069	Third Party Advisory, VDB Entry
secure@intel.com	https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory, US Government Resource
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107069	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
          },
          {
            "name": "107069",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107069"
          },
          {
            "name": "openSUSE-SU-2020:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-27T23:06:14",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
        },
        {
          "name": "107069",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107069"
        },
        {
          "name": "openSUSE-SU-2020:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2019-02-12T00:00:00",
          "ID": "CVE-2019-0102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
            },
            {
              "name": "107069",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107069"
            },
            {
              "name": "openSUSE-SU-2020:1105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-0102",
    "datePublished": "2019-02-18T17:00:00Z",
    "dateReserved": "2018-11-13T00:00:00",
    "dateUpdated": "2024-09-16T17:57:52.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.2\", \"matchCriteriaId\": \"A9CFEB9D-54FC-4F61-851D-37D4CACCC09F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\"}, {\"lang\": \"es\", \"value\": \"Una autenticaci\\u00f3n de sesi\\u00f3n insuficiente en el servidor web para Intel \\u00ae Data Center Manager SDK, en versiones anteriores a la 5.0.2, podr\\u00eda permitir a un usuario no autenticado habilitar un escalado de privilegios mediante un acceso de red.\"}]",
      "id": "CVE-2019-0102",
      "lastModified": "2024-11-21T04:16:13.973",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-02-18T17:29:00.407",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html\", \"source\": \"secure@intel.com\"}, {\"url\": \"http://www.securityfocus.com/bid/107069\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/107069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-384\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0102\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-02-18T17:29:00.407\",\"lastModified\":\"2024-11-21T04:16:13.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\"},{\"lang\":\"es\",\"value\":\"Una autenticaci\u00f3n de sesi\u00f3n insuficiente en el servidor web para Intel \u00ae Data Center Manager SDK, en versiones anteriores a la 5.0.2, podr\u00eda permitir a un usuario no autenticado habilitar un escalado de privilegios mediante un acceso de red.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"A9CFEB9D-54FC-4F61-851D-37D4CACCC09F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html\",\"source\":\"secure@intel.com\"},{\"url\":\"http://www.securityfocus.com/bid/107069\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/107069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) Data Center Manager SDK Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. An attackers may exploit this issue to gain elevated privileges. Intel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0790",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data center manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5.0.2"
      },
      {
        "model": "data center manager sdk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "5.0.2"
      },
      {
        "model": "data center manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "model": "data center manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel\u2019s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,DCG Red Team.,vendor ??",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0102",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-0102",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-140133",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-0102",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0102",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-698",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-140133",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) Data Center Manager SDK Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Data Center Manager SDK is prone to multiple privilege-escalation vulnerabilities. \nAn attackers may exploit this issue to gain elevated privileges. \nIntel Data Center Manager SDK version prior 5.0.2 are vulnerable. This product mainly provides real-time power supply and heat dissipation data of equipment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "BID",
        "id": "107069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0102",
        "trust": 2.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-050-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "107069",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "42775",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0521",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-140133",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "db": "BID",
        "id": "107069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "id": "VAR-201902-0790",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:00:32.399000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00215",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
      },
      {
        "title": "Intel Data Center Manager SDK Web Server security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89520"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-384",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-050-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/107069"
      },
      {
        "trust": 2.0,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0102"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0102"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75830"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/42775"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "db": "BID",
        "id": "107069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "db": "BID",
        "id": "107069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "107069"
      },
      {
        "date": "2019-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "date": "2019-02-18T17:29:00.407000",
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "date": "2019-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140133"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "107069"
      },
      {
        "date": "2019-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      },
      {
        "date": "2020-07-28T00:15:11.937000",
        "db": "NVD",
        "id": "CVE-2019-0102"
      },
      {
        "date": "2020-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) Data Center Manager SDK Session fixation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001859"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-698"
      }
    ],
    "trust": 0.6
  }
}

ICSA-19-050-01

Vulnerability from csaf_cisa

Published

2019-02-19 00:00

Modified

2019-02-19 00:00

Summary

Intel Data Center Manager SDK

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure.

Critical infrastructure sectors

Information Technology

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Intel \u0027s Product Security Incident Response Team",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-050-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-050-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-050-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-01"
      }
    ],
    "title": "Intel Data Center Manager SDK",
    "tracking": {
      "current_release_date": "2019-02-19T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-050-01",
      "initial_release_date": "2019-02-19T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-02-19T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-050-01 Intel Data Center Manager SDK"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.2",
                "product": {
                  "name": "Intel Data Center Manager SDK: prior to Version 5.0.2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Intel Data Center Manager SDK"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-0102",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient session authentication may allow an unauthenticated user to enable escalation of privilege via network access.CVE-2019-0102 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0102"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0103",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file protection in the install routine may allow an authenticated user to enable information disclosure via local access. CVE-2019-0103 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0103"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0104",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file protection in the uninstall routine may allow an authenticated user to enable information disclosure via local access. CVE-2019-0104 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0104"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0105",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file permissions checking in the install routine may allow an authenticated user to enable escalation of privilege via local access.CVE-2019-0105 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0105"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0106",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient run protection in the install routine may allow a privileged user to enable escalation of privilege via local access.CVE-2019-0106 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0106"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0107",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient user prompt in the install routine may allow a privileged user to enable escalation of privilege via local access.CVE-2019-0107 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0107"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0108",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper file permissions may allow an authenticated user to enable disclosure of information via local access.CVE-2019-0108 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0108"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0109",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper folder permissions may allow an authenticated user to enable disclosure of information via local access.CVE-2019-0109 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0109"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0110",
      "cwe": {
        "id": "CWE-1391",
        "name": "Use of Weak Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient key management may allow an authenticated user to enable information disclosure via local access.CVE-2019-0110 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0110"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0111",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper file permissions may allow an authenticated user to enable information disclosure via local access.CVE-2019-0111 has been assigned to this vulnerability. A CVSS v3 base score of 3.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0111"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0112",
      "cwe": {
        "id": "CWE-691",
        "name": "Insufficient Control Flow Management"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper flow control in crypto routines may allow a privileged user to enable a denial of service via local access.CVE-2019-0112 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0112"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

icsa-19-050-01

Vulnerability from csaf_cisa

Published

2019-02-19 00:00

Modified

2019-02-19 00:00

Summary

Intel Data Center Manager SDK

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure.

Critical infrastructure sectors

Information Technology

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Intel \u0027s Product Security Incident Response Team",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-050-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-050-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-050-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-01"
      }
    ],
    "title": "Intel Data Center Manager SDK",
    "tracking": {
      "current_release_date": "2019-02-19T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-050-01",
      "initial_release_date": "2019-02-19T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-02-19T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-050-01 Intel Data Center Manager SDK"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 5.0.2",
                "product": {
                  "name": "Intel Data Center Manager SDK: prior to Version 5.0.2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Intel Data Center Manager SDK"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-0102",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient session authentication may allow an unauthenticated user to enable escalation of privilege via network access.CVE-2019-0102 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0102"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0103",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file protection in the install routine may allow an authenticated user to enable information disclosure via local access. CVE-2019-0103 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0103"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0104",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file protection in the uninstall routine may allow an authenticated user to enable information disclosure via local access. CVE-2019-0104 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0104"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0105",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient file permissions checking in the install routine may allow an authenticated user to enable escalation of privilege via local access.CVE-2019-0105 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0105"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0106",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient run protection in the install routine may allow a privileged user to enable escalation of privilege via local access.CVE-2019-0106 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0106"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0107",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient user prompt in the install routine may allow a privileged user to enable escalation of privilege via local access.CVE-2019-0107 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0107"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0108",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper file permissions may allow an authenticated user to enable disclosure of information via local access.CVE-2019-0108 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0108"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0109",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper folder permissions may allow an authenticated user to enable disclosure of information via local access.CVE-2019-0109 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0109"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0110",
      "cwe": {
        "id": "CWE-1391",
        "name": "Use of Weak Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Insufficient key management may allow an authenticated user to enable information disclosure via local access.CVE-2019-0110 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0110"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0111",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper file permissions may allow an authenticated user to enable information disclosure via local access.CVE-2019-0111 has been assigned to this vulnerability. A CVSS v3 base score of 3.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0111"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-0112",
      "cwe": {
        "id": "CWE-691",
        "name": "Insufficient Control Flow Management"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Improper flow control in crypto routines may allow a privileged user to enable a denial of service via local access.CVE-2019-0112 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0112"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/software/intel-dcm-where-to-buy.html"
        },
        {
          "category": "mitigation",
          "details": "For more information, see Intel security advisory INTEL-SA-00215 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

cve-2019-0102

Vulnerability from fkie_nvd

Published

2019-02-18 17:29

Modified

2024-11-21 04:16

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@intel.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
secure@intel.com	http://www.securityfocus.com/bid/107069	Third Party Advisory, VDB Entry
secure@intel.com	https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory, US Government Resource
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107069	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	data_center_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CFEB9D-54FC-4F61-851D-37D4CACCC09F",
              "versionEndExcluding": "5.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
    },
    {
      "lang": "es",
      "value": "Una autenticaci\u00f3n de sesi\u00f3n insuficiente en el servidor web para Intel \u00ae Data Center Manager SDK, en versiones anteriores a la 5.0.2, podr\u00eda permitir a un usuario no autenticado habilitar un escalado de privilegios mediante un acceso de red."
    }
  ],
  "id": "CVE-2019-0102",
  "lastModified": "2024-11-21T04:16:13.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-18T17:29:00.407",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107069"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-2rx9-6m9m-h79v

Vulnerability from github

Published

2022-05-13 01:25

Modified

2022-05-13 01:25

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-384"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-18T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
  "id": "GHSA-2rx9-6m9m-h79v",
  "modified": "2022-05-13T01:25:04Z",
  "published": "2022-05-13T01:25:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0102"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-0102

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-0102

Aliases

CVE-2019-0102

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0102",
    "description": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
    "id": "GSD-2019-0102"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0102"
      ],
      "details": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
      "id": "GSD-2019-0102",
      "modified": "2023-12-13T01:23:39.652284Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "DATE_PUBLIC": "2019-02-12T00:00:00",
        "ID": "CVE-2019-0102",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
          },
          {
            "name": "107069",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107069"
          },
          {
            "name": "openSUSE-SU-2020:1105",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-0102"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-384"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html"
            },
            {
              "name": "107069",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107069"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01",
              "refsource": "MISC",
              "tags": [
                "US Government Resource",
                "Third Party Advisory"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01"
            },
            {
              "name": "openSUSE-SU-2020:1105",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-07-28T00:15Z",
      "publishedDate": "2019-02-18T17:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2019-0102

Vulnerability from cvelistv5

var-201902-0790

Vulnerability from variot

ICSA-19-050-01

Vulnerability from csaf_cisa

icsa-19-050-01

Vulnerability from csaf_cisa

cve-2019-0102

Vulnerability from fkie_nvd

ghsa-2rx9-6m9m-h79v

Vulnerability from github

gsd-2019-0102

Vulnerability from gsd

Tags

Sightings

Nomenclature