Lucene search

MitreCVE-2019-19611

HistoryMar 13, 2020 - 7:15 p.m.

CVE-2019-19611

2020-03-1319:15:16

mitre

web.nvd.nist.gov

halvotec raquest

cve-2019-19611

security vulnerability

web services

unauthorized access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1

Affected configurations

Nvd

Node

halvotecraquestMatch10.23.10801.0

VendorProductVersionCPE
halvotecraquest10.23.10801.0cpe:2.3:a:halvotec:raquest:10.23.10801.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
halvotec	raquest	10.23.10801.0	cpe:2.3:a:halvotec:raquest:10.23.10801.0:::::::*

References

excellium-services.com/cert-xlm-advisory/cve-2019-19611/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for CVE-2019-19611