cvelistv5 - cve-2019-19298

▼	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Patch, Vendor Advisory

▼	Vendor	Product
	Siemens	SiNVR/SiVMS Video Server
	Siemens	SiNVR/SiVMS Video Server

gsd-2019-19298

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.

Aliases

CVE-2019-19298

Aliases

CVE-2019-19298

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19298",
    "description": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.",
    "id": "GSD-2019-19298"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19298"
      ],
      "details": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.",
      "id": "GSD-2019-19298",
      "modified": "2023-12-13T01:23:53.978054Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-19298",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SiNVR/SiVMS Video Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003e= V5.0.0 \u003c V5.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr\\/sivms_video_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C828CDE1-4C89-4FF1-A8A7-434D665CD0E1",
                    "versionStartExcluding": "5.0.2",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.2). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de validaci\u00f3n de entrada, que podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de peticiones HTTP malformadas"
          }
        ],
        "id": "CVE-2019-19298",
        "lastModified": "2024-01-09T10:15:13.663",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "productcert@siemens.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-03-10T20:15:19.757",
        "references": [
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ghsa-wv2p-5j7g-h596

Vulnerability from github

Published

2022-05-24 17:10

Modified

2022-05-24 17:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requeats.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requeats.",
  "id": "GHSA-wv2p-5j7g-h596",
  "modified": "2022-05-24T17:10:37Z",
  "published": "2022-05-24T17:10:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19298"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-202003-0782

Vulnerability from variot

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. SiNVR 3 Central Control Server (CCS) and Video Server There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. SiNVR 3 is a video management platform.

SiNVR 3 has an input verification vulnerability in its implementation

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0782",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinvr\\/sivms video server",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.2"
      },
      {
        "model": "sinvr 3 central control server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr 3 video server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr central control server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": "sinvr video server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 central control server",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 video server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinvr\\/sivms_video_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionStartExcluding": "5.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported these vulnerabilities to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-19298",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014866",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-17011",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "df18f37f-b2ee-4824-92ae-b43693006059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014866",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-19298",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-19298",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014866",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17011",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-494",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "df18f37f-b2ee-4824-92ae-b43693006059",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests. SiNVR 3 Central Control Server (CCS) and Video Server There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. SiNVR 3 is a video management platform. \n\r\n\r\nSiNVR 3 has an input verification vulnerability in its implementation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19298",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-844761",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-01",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46119",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "DF18F37F-B2EE-4824-92AE-B43693006059",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "id": "VAR-202003-0782",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      }
    ],
    "trust": 1.454873825
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      }
    ]
  },
  "last_update_date": "2024-01-17T18:48:41.991000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-844761",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "title": "Patch for Siemens SiNVR 3 input verification vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/208735"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19298"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19298"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-070-01"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46119"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "date": "2020-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "date": "2020-03-10T20:15:19.757000",
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17011"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      },
      {
        "date": "2021-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      },
      {
        "date": "2024-01-09T10:15:13.663000",
        "db": "NVD",
        "id": "CVE-2019-19298"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SiNVR 3 Central Control Server and  Video Server Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014866"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "df18f37f-b2ee-4824-92ae-b43693006059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-494"
      }
    ],
    "trust": 0.8
  }
}

ssa-844761

Vulnerability from csaf_siemens

Published

2020-03-10 00:00

Modified

2024-01-09 00:00

Summary

SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server

Notes

Summary

The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE ( https://pke.at/).

General Recommendations

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities\ninvolving information disclosure (CVE-2019-19291, CVE-2019-19299),\npath traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).\n\nPKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299.\nThis update is not available under the former Siemens OEM brand name SiNVR.\nFor details contact PKE (\nhttps://pke.at/).",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-844761.html"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-844761.json"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt"
      }
    ],
    "title": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server",
    "tracking": {
      "current_release_date": "2024-01-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-844761",
      "initial_release_date": "2020-03-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2020-03-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2021-04-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added partial solution for SiNVR/SiVMS Video Server; removed information for Control Center Server (CCS), which is now addressed in SSA-761844"
        },
        {
          "date": "2021-08-10T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added solution for CVE-2019-19298 and related additional security hardening measures"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Cleanup: removed orphaned links to vendor advisories and software downloads"
        }
      ],
      "status": "interim",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV5.0.0",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V5.0.0\u003cV5.0.2",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V5.0.2",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "SiNVR/SiVMS Video Server"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19291",
      "cwe": {
        "id": "CWE-313",
        "name": "Cleartext Storage in a File or on Disk"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19291, CVE-2019-19296: Disable the two FTP services of the Video Server",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19291"
    },
    {
      "cve": "CVE-2019-19296",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server, if the FTP services are enabled.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19291, CVE-2019-19296: Disable the two FTP services of the Video Server",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19296"
    },
    {
      "cve": "CVE-2019-19297",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19297"
    },
    {
      "cve": "CVE-2019-19298",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19298: The update to V5.0.2 also provides an additional authentication feature that allows to protect the access to the streaming service via individual account names and passwords for every stream recorder. It is recommended to configure this feature accordingly. For details see the release notes of V5.0.2",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.2 or later version",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-19298"
    },
    {
      "cve": "CVE-2019-19299",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1",
            "2",
            "3"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.2 or later version",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "3",
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-19299"
    }
  ]
}

cve-2019-19298

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2019-19298

Vulnerability from cvelistv5

gsd-2019-19298

Vulnerability from gsd

ghsa-wv2p-5j7g-h596

Vulnerability from github

var-202003-0782

Vulnerability from variot

ssa-844761

Vulnerability from csaf_siemens

Tags

Sightings

Nomenclature