History: May 26, 2021 - 6:45 p.m.

CVE-2019-25029

2021-05-26 18:45:32
CWE-77
hackerone
www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.006

Percentile

78.6%

In Versa Director, command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.

CNA Affected

[
  {
    "product": "Versa Director",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1"
      }
    ]
  }
]
