Lucene search

K
cve[email protected]CVE-2019-12774
HistoryJun 07, 2019 - 4:29 p.m.

CVE-2019-12774

2019-06-0716:29:00
CWE-79
web.nvd.nist.gov
37
cve-2019-12774
stored xss
vulnerability
enttec datagate
mk2
web configuration
unauthenticated threat actor

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor.

Affected configurations

NVD
Node
enttecdatagate_mk2_firmwareMatch7004405032019-482
AND
enttecdatagate_mk2Match-
Node
enttecstorm_24_firmwareMatch7004405032019-482
AND
enttecstorm_24Match-
Node
enttecpixelator_firmwareMatch7004405032019-482
AND
enttecpixelatorMatch-
Node
enttece-streamer_mk2_firmwareMatch7004405032019-482
AND
enttece-streamer_mk2Match-

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

Related for CVE-2019-12774