Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-15684
HistoryNov 25, 2019 - 4:15 p.m.

CVE-2019-15684

2019-11-2516:15:13
[email protected]
web.nvd.nist.gov
36
cve-2019-15684
kaspersky protection
google chrome
vulnerability
unauthorized access
remote access
extension removal

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON

Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

Affected configurations

NVD
Node
googlechromeRange<30.112.62.0
Node
kasperskyprotectionMatch20.0.543.1418chrome

CNA Affected

[
  {
    "product": "Kaspersky Protection extension for Google Chrome",
    "vendor": "Kaspersky",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 30.112.62.0"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
hackerone 1
symantec 1
prion 1
nvd
nvd
CVE-2019-15684
2019-11-25 16:15:13
cvelist
cvelist
CVE-2019-15684
2019-11-25 16:01:12
hackerone
hackerone
Kaspersky: Kaspersky Protection extension for Google Chrome is vulnerable to abuse its features
2018-12-21 08:50:01
symantec
symantec
Kaspersky Protection extension for Google Chrome CVE-2019-15684 Unauthorized Access Vulnerability
2019-11-25 00:00:00
prion
prion
Design/Logic Flaw
2019-11-25 16:15:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON
Related for CVE-2019-15684
nvd1cvelist1hackerone1symantec1prion1