CVE-2019-13517

Опубликовано: 06 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.

Ссылки

https://www.us-cert.gov/ics/advisories/icsma-19-248-01
Mitigation
Third Party Advisory
US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-19-248-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bd:pyxis_enterprise_server:*:*:*:*:*:*:*:*

Версия от 4.4 (включая) до 4.12 (включая)

cpe:2.3:a:bd:pyxis_es:*:*:*:*:*:*:*:*

Версия от 1.3.4 (включая) до 1.6.1 (включая)

EPSS

Процентиль: 45%

0.00222

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-384

Связанные уязвимости

GHSA-w5xw-f5v2-6r79

github

больше 3 лет назад