Lucene search

[email protected]CVE-2019-7219

HistoryApr 11, 2019 - 7:29 p.m.

CVE-2019-7219

2019-04-1119:29:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-7219

unauthenticated

reflected xss

zarafa webapp

discontinued product

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.

Affected configurations

NVD

Node

zarafawebaccessMatch7.2.0-48204

CPENameOperatorVersion
zarafa:webaccesszarafa webaccesseq7.2.0-48204

CPE	Name	Operator	Version
zarafa:webaccess	zarafa webaccess	eq	7.2.0-48204

References

github.com/verifysecurity/CVE-2019-7219

stash.kopano.io/repos?visibility=public

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2019-7219

nvd1 cvelist1 prion1 nuclei1