exploitDog

CVE-2019-14258

Опубликовано: 21 авг. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.

Ссылки

https://www.coalfire.com/The-Coalfire-Blog
Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test
Exploit
Mitigation
Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog
Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zenoss:zenoss:2.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00641

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2019-14258

CVSS3: 7.5

debian

больше 6 лет назад

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to ...

GHSA-v6m8-2842-fm7q

CVSS3: 7.5

github

больше 3 лет назад

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.

EPSS

Процентиль: 70%

0.00641

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611