
CVE-2019-19104

Published: 22 Apr 2020
Source: nvd
CVSS3: 9.1
CVSS3: 9.8
CVSS2: 7.5
EPSS: Low

Description

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:abb:tg\/s3.2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:tg\/s3.2:-:*:*:*:*:*:*:*

Configuration 2

Simultaneously

cpe:2.3:o:busch-jaeger:6186\/11_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:busch-jaeger:6186\/11:-:*:*:*:*:*:*:*

EPSS

Percentile: 47%
0.00241
Low

9.1 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-287
CWE-306

Related vulnerabilities

github
more than 3 years ago

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.

EPSS

Percentile: 47%
0.00241
Low

9.1 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-287
CWE-306