Sign-up

ID

VAR-201908-0549


CVE

CVE-2019-13348


TITLE

Knowage Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-008496

DESCRIPTION

In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases. Knowage Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-13348 // JVNDB: JVNDB-2019-008496

AFFECTED PRODUCTS

vendor:engmodel:knowagescope:ltversion:6.4

Trust: 1.0

vendor:knowagemodel:knowagescope:lteversion:6.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-008496 // NVD: CVE-2019-13348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13348
value: HIGH

Trust: 1.0

NVD: CVE-2019-13348
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-2138
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13348
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-13348
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-008496 // CNNVD: CNNVD-201908-2138 // NVD: CVE-2019-13348

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2019-008496 // NVD: CVE-2019-13348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2138

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-2138

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008496

PATCH
title:Top Pageurl:https://www.knowage-suite.com/site/home/
Trust: 0.8
title:Knowage Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97626
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008496 // 
            
            
            
            CNNVD: CNNVD-201908-2138

EXTERNAL IDS
db:NVDid:CVE-2019-13348
Trust: 2.4
db:JVNDBid:JVNDB-2019-008496
Trust: 0.8
db:CNNVDid:CNNVD-201908-2138
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008496 // 
            
            
            
            CNNVD: CNNVD-201908-2138 // 
            
            
            
            NVD: CVE-2019-13348

REFERENCES
url:https://blog.contentsecurity.com.au/knowage-password-disclosure
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-13348
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13348
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008496 // 
            
            
            
            CNNVD: CNNVD-201908-2138 // 
            
            
            
            NVD: CVE-2019-13348

SOURCES
db:JVNDBid:JVNDB-2019-008496
db:CNNVDid:CNNVD-201908-2138
db:NVDid:CVE-2019-13348

LAST UPDATE DATE
2024-11-23T22:58:37.003000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-008496date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2138date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13348date:2024-11-21T04:24:46.030

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-008496date:2019-09-02T00:00:00
db:CNNVDid:CNNVD-201908-2138date:2019-08-28T00:00:00
db:NVDid:CVE-2019-13348date:2019-08-28T16:15:11.203