Jul 28, 2019 - 6:15 p.m.

CVE-2019-14362

2019-07-28 18:15:11
CWE-22
web.nvd.nist.gov
80
cve-2019-14362
openbravo erp
directory traversal
remote attack
authenticated attack
file replacement

CVSS2: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score: 5.2 Medium
Confidence: High

EPSS: 0.002 Low
Percentile: 61.4%

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.

Affected configurations

