Lucene search

[email protected]CVE-2019-5748

HistoryJan 09, 2019 - 5:29 p.m.

CVE-2019-5748

2019-01-0917:29:00

CWE-611

[email protected]

web.nvd.nist.gov

cve-2019-5748

traccar

server

xxe attacks

spotprotocoldecoder

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.

Affected configurations

NVD

Node

traccarserverMatch4.2

CPENameOperatorVersion
traccar:servertraccar servereq4.2

CPE	Name	Operator	Version
traccar:server	traccar server	eq	4.2

References

github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf

www.traccar.org/blog/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2019-5748

openvas1 osv1 prion1 cvelist1 nvd1