Lucene search

MitreCVE-2019-10716

HistoryOct 21, 2019 - 12:15 a.m.

CVE-2019-10716

2019-10-2100:15:14

CWE-269

mitre

web.nvd.nist.gov

109

cve-2019-10716

information disclosure

verodin director

api security

credentials exposure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.025

Percentile

90.3%

JSON

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

Affected configurations

Nvd

Node

verodindirectorRange≤3.5.3.1

VendorProductVersionCPE
verodindirector*cpe:2.3:a:verodin:director:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
verodin	director	*	cpe:2.3:a:verodin:director::::::::

References

packetstormsecurity.com/files/156214/Verodin-Director-Web-Console-3.5.4.0-Password-Disclosure.html

www.nolanbkennedy.com/post/cve-2019-10716-information-disclosure-verodin-director

www.verodin.com/

www.verodin.com/technology/platform

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.025

Percentile

90.3%

JSON

Related for CVE-2019-10716