Lucene search

[email protected]CVE-2019-5433

HistoryMay 06, 2019 - 5:29 p.m.

CVE-2019-5433

2019-05-0617:29:00

CWE-601

[email protected]

web.nvd.nist.gov

nvd

cve-2019-5433

revive adserver

vulnerability

phishing attack

domain

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

44.4%

JSON

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

CPENameOperatorVersion
revive-adserver:revive_adserverrevive-adserver revive adserverlt4.2.0

CPE	Name	Operator	Version
revive-adserver:revive_adserver	revive-adserver revive adserver	lt	4.2.0

References

hackerone.com/reports/390663

www.revive-adserver.com/security/revive-sa-2019-001/

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

44.4%

JSON

Related for CVE-2019-5433

prion1 osv1 hackerone1 cvelist1