cvelistv5 - cve-2019-0647

CVE-2019-0647 (GCVE-0-2019-0647)

Vulnerability from cvelistv5 – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51

Summary

An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/106650	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Team	Affected: Foundation Server 2017 Update 3.1 Affected: Foundation Server 2018 Update 1.2 Affected: Foundation Server 2018 Update 3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:26.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106650",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106650"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Team",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Foundation Server 2017 Update 3.1"
            },
            {
              "status": "affected",
              "version": "Foundation Server 2018 Update 1.2"
            },
            {
              "status": "affected",
              "version": "Foundation Server 2018 Update 3.2"
            }
          ]
        }
      ],
      "datePublic": "2019-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-19T10:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "106650",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106650"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0647",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Team",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Foundation Server 2017 Update 3.1"
                          },
                          {
                            "version_value": "Foundation Server 2018 Update 1.2"
                          },
                          {
                            "version_value": "Foundation Server 2018 Update 3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106650",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106650"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0647",
    "datePublished": "2019-01-17T18:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:26.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6AE94A8-76A3-4998-A7B4-60EA21530F3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F78642D-BE17-43A9-97E4-042EDE627678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5296DF6D-D32A-4D70-9A32-441750704C9A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \\\"Team Foundation Server Information Disclosure Vulnerability.\\\" This affects Team.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n cuando Team Foundation Server no gestiona de manera correcta las variables marcadas como secreto. Esto tambi\\u00e9n se conoce como \\\"Team Foundation Server Information Disclosure Vulnerability\\\". Esto afecta a Team.\"}]",
      "id": "CVE-2019-0647",
      "lastModified": "2024-11-21T04:17:02.070",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-01-17T18:29:00.507",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106650\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0647\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-01-17T18:29:00.507\",\"lastModified\":\"2024-11-21T04:17:02.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \\\"Team Foundation Server Information Disclosure Vulnerability.\\\" This affects Team.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Team Foundation Server no gestiona de manera correcta las variables marcadas como secreto. Esto tambi\u00e9n se conoce como \\\"Team Foundation Server Information Disclosure Vulnerability\\\". Esto afecta a Team.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AE94A8-76A3-4998-A7B4-60EA21530F3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F78642D-BE17-43A9-97E4-042EDE627678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5296DF6D-D32A-4D70-9A32-441750704C9A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106650\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2019-24388

Vulnerability from cnvd - Published: 2019-07-25

Title

Microsoft Team Foundation Server信息泄露漏洞

Description

Microsoft Team Foundation Server是美国微软（Microsoft）公司的一套应用程序生命周期管理（ALM）工具套件中的源代码管理、项目管理和团队协作平台。该平台可帮助团队更加灵活、有效地进行协作和更连贯地交付高质量的软件。 Microsoft Team Foundation Server 2017 Update 3.1版本、2018 Update 1.2版本和2018 Update 3.2版本中存在信息泄露漏洞，该漏洞源于程序未能处理标记为保密的变量，攻击者可通过创建任务组利用该漏洞查看其它用户隐藏的信息。

Severity

中

Patch Name

Microsoft Team Foundation Server信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-0647

Impacted products

Name
['Microsoft Team Foundation Server 2018 Update 3.2', 'Microsoft Team Foundation Server 2018 Update 1.2', 'Microsoft Team Foundation Server 2017 Update 3.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0647"
    }
  },
  "description": "Microsoft Team Foundation Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7ba1\u7406\uff08ALM\uff09\u5de5\u5177\u5957\u4ef6\u4e2d\u7684\u6e90\u4ee3\u7801\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u56e2\u961f\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u5e2e\u52a9\u56e2\u961f\u66f4\u52a0\u7075\u6d3b\u3001\u6709\u6548\u5730\u8fdb\u884c\u534f\u4f5c\u548c\u66f4\u8fde\u8d2f\u5730\u4ea4\u4ed8\u9ad8\u8d28\u91cf\u7684\u8f6f\u4ef6\u3002\n\nMicrosoft Team Foundation Server 2017 Update 3.1\u7248\u672c\u30012018 Update 1.2\u7248\u672c\u548c2018 Update 3.2\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5904\u7406\u6807\u8bb0\u4e3a\u4fdd\u5bc6\u7684\u53d8\u91cf\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u4efb\u52a1\u7ec4\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u5176\u5b83\u7528\u6237\u9690\u85cf\u7684\u4fe1\u606f\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-24388",
  "openTime": "2019-07-25",
  "patchDescription": "Microsoft Team Foundation Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7ba1\u7406\uff08ALM\uff09\u5de5\u5177\u5957\u4ef6\u4e2d\u7684\u6e90\u4ee3\u7801\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u56e2\u961f\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u5e2e\u52a9\u56e2\u961f\u66f4\u52a0\u7075\u6d3b\u3001\u6709\u6548\u5730\u8fdb\u884c\u534f\u4f5c\u548c\u66f4\u8fde\u8d2f\u5730\u4ea4\u4ed8\u9ad8\u8d28\u91cf\u7684\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Team Foundation Server 2017 Update 3.1\u7248\u672c\u30012018 Update 1.2\u7248\u672c\u548c2018 Update 3.2\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5904\u7406\u6807\u8bb0\u4e3a\u4fdd\u5bc6\u7684\u53d8\u91cf\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u4efb\u52a1\u7ec4\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u5176\u5b83\u7528\u6237\u9690\u85cf\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Team Foundation Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Team Foundation Server 2018 Update 3.2",
      "Microsoft Team Foundation Server 2018 Update 1.2",
      "Microsoft Team Foundation Server 2017 Update 3.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0647",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-18",
  "title": "Microsoft Team Foundation Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2019-0647

Vulnerability from fkie_nvd - Published: 2019-01-17 18:29 - Updated: 2024-11-21 04:17

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/106650	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106650	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	team_foundation_server	2017
microsoft	team_foundation_server	2018
microsoft	team_foundation_server	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*",
              "matchCriteriaId": "C6AE94A8-76A3-4998-A7B4-60EA21530F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*",
              "matchCriteriaId": "5F78642D-BE17-43A9-97E4-042EDE627678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*",
              "matchCriteriaId": "5296DF6D-D32A-4D70-9A32-441750704C9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Team Foundation Server no gestiona de manera correcta las variables marcadas como secreto. Esto tambi\u00e9n se conoce como \"Team Foundation Server Information Disclosure Vulnerability\". Esto afecta a Team."
    }
  ],
  "id": "CVE-2019-0647",
  "lastModified": "2024-11-21T04:17:02.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-17T18:29:00.507",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106650"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-064

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	Skype pour Business Server 2015 CU 8
Microsoft	Azure	Java SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 février 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 CU 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0613"
    },
    {
      "name": "CVE-2019-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0657"
    },
    {
      "name": "CVE-2019-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0624"
    },
    {
      "name": "CVE-2019-0741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0741"
    },
    {
      "name": "CVE-2019-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0646"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0743"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0647"
    },
    {
      "name": "CVE-2019-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0729"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0728"
    },
    {
      "name": "CVE-2019-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0742"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-064",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-064

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	Skype pour Business Server 2015 CU 8
Microsoft	Azure	Java SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 février 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 CU 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0613"
    },
    {
      "name": "CVE-2019-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0657"
    },
    {
      "name": "CVE-2019-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0624"
    },
    {
      "name": "CVE-2019-0741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0741"
    },
    {
      "name": "CVE-2019-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0646"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0743"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0647"
    },
    {
      "name": "CVE-2019-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0729"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0728"
    },
    {
      "name": "CVE-2019-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0742"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-064",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-V23R-27XV-R8WV

Vulnerability from github – Published: 2022-05-14 01:30 – Updated: 2022-05-14 01:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-17T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team.",
  "id": "GHSA-v23r-27xv-r8wv",
  "modified": "2022-05-14T01:30:42Z",
  "published": "2022-05-14T01:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0647"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106650"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-0647

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0647

Aliases

CVE-2019-0647

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0647",
    "description": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team.",
    "id": "GSD-2019-0647"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0647"
      ],
      "details": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team.",
      "id": "GSD-2019-0647",
      "modified": "2023-12-13T01:23:39.080571Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-0647",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Team",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Foundation Server 2017 Update 3.1"
                        },
                        {
                          "version_value": "Foundation Server 2018 Update 1.2"
                        },
                        {
                          "version_value": "Foundation Server 2018 Update 3.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "106650",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106650"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0647"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka \"Team Foundation Server Information Disclosure Vulnerability.\" This affects Team."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647"
            },
            {
              "name": "106650",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106650"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-02-26T20:25Z",
      "publishedDate": "2019-01-17T18:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0647 (GCVE-0-2019-0647)

CNVD-2019-24388

FKIE_CVE-2019-0647

CERTFR-2019-AVI-064

Solution

CERTFR-2019-AVI-064

Solution

GHSA-V23R-27XV-R8WV

GSD-2019-0647

Tags

Sightings

Nomenclature