Lucene search

[email protected]NVD:CVE-2019-5286

HistoryJun 13, 2019 - 4:29 p.m.

CVE-2019-5286

2019-06-1316:29:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.3%

JSON

There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.

Affected configurations

Nvd

Node

huaweihedex_liteRange<v200r006c00spc007

VendorProductVersionCPE
huaweihedex_lite*cpe:2.3:a:huawei:hedex_lite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	hedex_lite	*	cpe:2.3:a:huawei:hedex_lite::::::::

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20190605-01-hedex-en

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.3%

JSON

Related for NVD:CVE-2019-5286

cvelist1 huawei1 cve1 prion1