Sign-up

ID

VAR-201807-0667


CVE

CVE-2018-13252


TITLE

Entrust Datacard Syntera CS Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-13037 // CNNVD: CNNVD-201807-338

DESCRIPTION

Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. Entrust Datacard Syntera CS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Entrust Datacard Syntera CS is an integrated suite of Entrust Datacard Corporation in the United States for connecting Datacard issuing systems and special software

Trust: 2.16

sources: NVD: CVE-2018-13252 // JVNDB: JVNDB-2018-007774 // CNVD: CNVD-2018-13037

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-13037

AFFECTED PRODUCTS

vendor:entrustdatacardmodel:syntera customization suitescope:eqversion:5.1

Trust: 1.6

vendor:entrustdatacardmodel:syntera customization suitescope:eqversion:5.0

Trust: 1.6

vendor:entrust datacardmodel:syntera customization suitescope:eqversion:5.x

Trust: 0.8

vendor:entrustmodel:datacard syntera csscope:eqversion:5.*

Trust: 0.6

sources: CNVD: CNVD-2018-13037 // JVNDB: JVNDB-2018-007774 // CNNVD: CNNVD-201807-338 // NVD: CVE-2018-13252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13252
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13252
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-13037
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-338
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-13252
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-13037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-13252
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-13037 // JVNDB: JVNDB-2018-007774 // CNNVD: CNNVD-201807-338 // NVD: CVE-2018-13252

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-007774 // NVD: CVE-2018-13252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-338

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201807-338

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007774

PATCH
title:Syntera Customization Suite Software Supporturl:https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007774

EXTERNAL IDS
db:NVDid:CVE-2018-13252
Trust: 3.0
db:JVNDBid:JVNDB-2018-007774
Trust: 0.8
db:CNVDid:CNVD-2018-13037
Trust: 0.6
db:CNNVDid:CNNVD-201807-338
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-13037 // 
            
            
            
            JVNDB: JVNDB-2018-007774 // 
            
            
            
            CNNVD: CNNVD-201807-338 // 
            
            
            
            NVD: CVE-2018-13252

REFERENCES
url:https://github.com/herwonowr/cve/tree/master/cve-2018-13252
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13252
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13252
Trust: 0.8
url:https://www.entrustdatacard.com/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-13037 // 
            
            
            
            JVNDB: JVNDB-2018-007774 // 
            
            
            
            CNNVD: CNNVD-201807-338 // 
            
            
            
            NVD: CVE-2018-13252

SOURCES
db:CNVDid:CNVD-2018-13037
db:JVNDBid:JVNDB-2018-007774
db:CNNVDid:CNNVD-201807-338
db:NVDid:CVE-2018-13252

LAST UPDATE DATE
2024-11-23T22:26:16.869000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-13037date:2018-07-12T00:00:00
db:JVNDBid:JVNDB-2018-007774date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-338date:2018-07-06T00:00:00
db:NVDid:CVE-2018-13252date:2024-11-21T03:46:43.920

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-13037date:2018-07-12T00:00:00
db:JVNDBid:JVNDB-2018-007774date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-338date:2018-07-06T00:00:00
db:NVDid:CVE-2018-13252date:2018-07-05T17:29:00.250