cvelistv5 - cve-2019-6025

CVE-2019-6025 (GCVE-0-2019-6025)

Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16

Summary

Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Severity ?

No CVSS data available.

CWE

Open Redirect

Assigner

jpcert

References

URL

Tags

	https://movabletype.org/news/2019/11/movable_type…	x_refsource_MISC
	http://jvn.jp/en/jp/JVN65280626/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Six Apart Ltd	Movable Type series	Affected: Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type series",
          "vendor": "Six Apart Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN65280626/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6025",
    "datePublished": "2019-12-26T15:16:50",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:23.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndIncluding\": \"6.3.9\", \"matchCriteriaId\": \"D33BB800-5A4E-427F-982C-B60254195A76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndIncluding\": \"7.1.3\", \"matchCriteriaId\": \"BC5AB3F2-5F5C-463B-9165-0449B3FC6155\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1861BA8B-99BF-4C29-8407-09B512FDC01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1E1A42-6695-4E9D-BC5E-C79DAE977323\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\", \"versionEndIncluding\": \"1.24\", \"matchCriteriaId\": \"5CAEED13-1824-4958-98E7-62119CD41593\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*\", \"versionEndIncluding\": \"1.24\", \"matchCriteriaId\": \"A51EB193-5341-4C00-9777-7267A2E08849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndIncluding\": \"6.3.9\", \"matchCriteriaId\": \"7EE9B197-ABA5-4E2C-9CF0-94FC409C4112\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndIncluding\": \"7.1.3\", \"matchCriteriaId\": \"58C3552A-3617-40FC-AA89-484C51E414E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"DC85493D-435C-4491-AC15-50375158F297\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"1727A7E1-BC1E-4E7F-8F4B-2F4CCA0837F4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de redireccionamiento abierto en la serie Movable Type Movable Type versi\\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\\u00f3n 7), Movable Type versiones 6.5.0 y 6.5.1 (Movable Type versi\\u00f3n 6.5), Movable Type versi\\u00f3n 6.3.9 y anteriores (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced versi\\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\\u00f3n 7), Movable Type Advanced versiones 6.5.0 y 6.5.1 (Movable Type versi\\u00f3n 6.5), Movable Type Advanced versi\\u00f3n 6.3.9 y anterior (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium versi\\u00f3n 1.24 y anteriores (Movable Type Premium) y Movable Type Premium (Advanced Edici\\u00f3n) versi\\u00f3n 1.24 y anteriores (Movable Type Premium), permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing por medio de una URL especialmente dise\\u00f1ada.\"}]",
      "id": "CVE-2019-6025",
      "lastModified": "2024-11-21T04:45:56.283",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-12-26T16:15:12.247",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN65280626/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN65280626/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6025\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-12-26T16:15:12.247\",\"lastModified\":\"2024-11-21T04:45:56.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de redireccionamiento abierto en la serie Movable Type Movable Type versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type versi\u00f3n 6.3.9 y anteriores (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type Advanced versi\u00f3n 6.3.9 y anterior (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium versi\u00f3n 1.24 y anteriores (Movable Type Premium) y Movable Type Premium (Advanced Edici\u00f3n) versi\u00f3n 1.24 y anteriores (Movable Type Premium), permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing por medio de una URL especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndIncluding\":\"6.3.9\",\"matchCriteriaId\":\"D33BB800-5A4E-427F-982C-B60254195A76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.1.3\",\"matchCriteriaId\":\"BC5AB3F2-5F5C-463B-9165-0449B3FC6155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1861BA8B-99BF-4C29-8407-09B512FDC01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1E1A42-6695-4E9D-BC5E-C79DAE977323\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionEndIncluding\":\"1.24\",\"matchCriteriaId\":\"5CAEED13-1824-4958-98E7-62119CD41593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*\",\"versionEndIncluding\":\"1.24\",\"matchCriteriaId\":\"A51EB193-5341-4C00-9777-7267A2E08849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndIncluding\":\"6.3.9\",\"matchCriteriaId\":\"7EE9B197-ABA5-4E2C-9CF0-94FC409C4112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.1.3\",\"matchCriteriaId\":\"58C3552A-3617-40FC-AA89-484C51E414E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"DC85493D-435C-4491-AC15-50375158F297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"1727A7E1-BC1E-4E7F-8F4B-2F4CCA0837F4\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN65280626/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN65280626/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

JVNDB-2019-000069

Vulnerability from jvndb - Published: 2019-11-13 13:59 - Updated:2019-11-13 13:59

Severity ?

4.7 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Summary

Movable Type vulnerable to open redirect

Details

Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability (CWE-601). Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN65280626/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6025
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Six Apart, Ltd.

Movable Type

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html",
  "dc:date": "2019-11-13T13:59+09:00",
  "dcterms:issued": "2019-11-13T13:59+09:00",
  "dcterms:modified": "2019-11-13T13:59+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability (CWE-601).\r\n\r\nHidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html",
  "sec:cpe": {
    "#text": "cpe:/a:sixapart:movable_type",
    "@product": "Movable Type",
    "@vendor": "Six Apart, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000069",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN65280626/index.html",
      "@id": "JVN#65280626",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025",
      "@id": "CVE-2019-6025",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6025",
      "@id": "CVE-2019-6025",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Movable Type vulnerable to open redirect"
}

FKIE_CVE-2019-6025

Vulnerability from fkie_nvd - Published: 2019-12-26 16:15 - Updated: 2024-11-21 04:45

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN65280626/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN65280626/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html	Vendor Advisory

Impacted products

Vendor	Product	Version
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	6.5.0
sixapart	movable_type	6.5.1
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	6.5.0
sixapart	movable_type	6.5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33BB800-5A4E-427F-982C-B60254195A76",
              "versionEndIncluding": "6.3.9",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC5AB3F2-5F5C-463B-9165-0449B3FC6155",
              "versionEndIncluding": "7.1.3",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1861BA8B-99BF-4C29-8407-09B512FDC01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1E1A42-6695-4E9D-BC5E-C79DAE977323",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CAEED13-1824-4958-98E7-62119CD41593",
              "versionEndIncluding": "1.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "A51EB193-5341-4C00-9777-7267A2E08849",
              "versionEndIncluding": "1.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "7EE9B197-ABA5-4E2C-9CF0-94FC409C4112",
              "versionEndIncluding": "6.3.9",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "58C3552A-3617-40FC-AA89-484C51E414E2",
              "versionEndIncluding": "7.1.3",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DC85493D-435C-4491-AC15-50375158F297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "1727A7E1-BC1E-4E7F-8F4B-2F4CCA0837F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redireccionamiento abierto en la serie Movable Type Movable Type versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type versi\u00f3n 6.3.9 y anteriores (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type Advanced versi\u00f3n 6.3.9 y anterior (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium versi\u00f3n 1.24 y anteriores (Movable Type Premium) y Movable Type Premium (Advanced Edici\u00f3n) versi\u00f3n 1.24 y anteriores (Movable Type Premium), permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing por medio de una URL especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2019-6025",
  "lastModified": "2024-11-21T04:45:56.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-26T16:15:12.247",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CC2H-7VFW-MGXV

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6025"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-26T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.",
  "id": "GHSA-cc2h-7vfw-mgxv",
  "modified": "2022-05-24T17:05:08Z",
  "published": "2022-05-24T17:05:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6025"
    },
    {
      "type": "WEB",
      "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2019-41656

Vulnerability from cnvd - Published: 2019-11-21

Title

Six Apart Movable Type打开重定向漏洞

Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Six Apart MT中存在打开重定向漏洞，攻击者可利用该漏洞将用户重定向到任意网站。

Severity

低

Patch Name

Six Apart Movable Type打开重定向漏洞的补丁

Patch Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Six Apart MT中存在打开重定向漏洞，攻击者可利用该漏洞将用户重定向到任意网站。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html

Reference

https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html

Impacted products

Name
['Six Apart Movable Type <=7 r.4602 (7.1.3)', 'Six Apart Movable Type 6.5.0', 'Six Apart Movable Type 6.5.1', 'Six Apart Movable Type <=6.3.9', 'Six Apart Movable Type Advanced <=7 r.4602', 'Six Apart Movable Type Advanced 6.5.0', 'Six Apart Movable Type Advanced 6.5.1', 'Six Apart Movable Type Advanced <=6.3.9', 'Six Apart Movable Type Premium <=1.24', 'Six Apart Movable Type Premium (Advanced Edition) <=1.24']

Name

['Six Apart Movable Type <=7 r.4602 (7.1.3)', 'Six Apart Movable Type 6.5.0', 'Six Apart Movable Type 6.5.1', 'Six Apart Movable Type <=6.3.9', 'Six Apart Movable Type Advanced <=7 r.4602', 'Six Apart Movable Type Advanced 6.5.0', 'Six Apart Movable Type Advanced 6.5.1', 'Six Apart Movable Type Advanced <=6.3.9', 'Six Apart Movable Type Premium <=1.24', 'Six Apart Movable Type Premium (Advanced Edition) <=1.24']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6025",
      "cveUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025"
    }
  },
  "description": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u591a\u7528\u6237\u3001\u8bc4\u8bba\u3001\u5f15\u7528\u548c\u4e3b\u9898\u7b49\u529f\u80fd\u3002\n\nSix Apart MT\u4e2d\u5b58\u5728\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41656",
  "openTime": "2019-11-21",
  "patchDescription": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u591a\u7528\u6237\u3001\u8bc4\u8bba\u3001\u5f15\u7528\u548c\u4e3b\u9898\u7b49\u529f\u80fd\u3002\r\n\r\nSix Apart MT\u4e2d\u5b58\u5728\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Six Apart Movable Type\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Six Apart Movable Type \u003c=7 r.4602 (7.1.3)",
      "Six Apart Movable Type 6.5.0",
      "Six Apart Movable Type 6.5.1",
      "Six Apart Movable Type \u003c=6.3.9",
      "Six Apart Movable Type Advanced \u003c=7 r.4602",
      "Six Apart Movable Type Advanced 6.5.0",
      "Six Apart Movable Type Advanced 6.5.1",
      "Six Apart Movable Type Advanced \u003c=6.3.9",
      "Six Apart Movable Type Premium \u003c=1.24",
      "Six Apart Movable Type Premium (Advanced Edition) \u003c=1.24"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-13",
  "title": "Six Apart Movable Type\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

GSD-2019-6025

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6025

Aliases

CVE-2019-6025

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6025",
    "description": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.",
    "id": "GSD-2019-6025"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6025"
      ],
      "details": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.",
      "id": "GSD-2019-6025",
      "modified": "2023-12-13T01:23:49.775371Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-6025",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Movable Type series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Six Apart Ltd"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Open Redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
            "refsource": "MISC",
            "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN65280626/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.9",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.3",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.24",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.24",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.9",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.3",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6025"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN65280626/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-01-10T18:56Z",
      "publishedDate": "2019-12-26T16:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6025 (GCVE-0-2019-6025)

JVNDB-2019-000069

FKIE_CVE-2019-6025

GHSA-CC2H-7VFW-MGXV

CNVD-2019-41656

GSD-2019-6025

Tags

Sightings

Nomenclature