Lucene search

GoogleOSV:CVE-2019-15641

HistoryAug 26, 2019 - 6:15 p.m.

CVE-2019-15641

2019-08-2618:15:12

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.

CPENameOperatorVersion
webmineq1.700
webmineq1.770
webmineq1.720
webmineq1.710
webmineq1.800
webmineq1.840
webmineq1.780
webmineq1.920
webmineq1.831
webmineq1.910

Name	Operator	Version
webmin	eq	1.700
webmin	eq	1.770
webmin	eq	1.720
webmin	eq	1.710
webmin	eq	1.800
webmin	eq	1.840
webmin	eq	1.780
webmin	eq	1.920
webmin	eq	1.831
webmin	eq	1.910

Rows per page:

1-10 of 261

References

www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for OSV:CVE-2019-15641