Details of VAR-201909-0676

ID

VAR-201909-0676

CVE

CVE-2019-13349

TITLE

Knowage Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-008965

DESCRIPTION

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. Knowage Contains vulnerabilities related to certificate and password management.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2019-13349 // JVNDB: JVNDB-2019-008965

AFFECTED PRODUCTS

vendor:	knowage suite	model:	knowage	scope:	lte	version:	6.1.1	Trust: 1.0
vendor:	knowage	model:	knowage	scope:	lte	version:	6.1.1	Trust: 0.8

sources: JVNDB: JVNDB-2019-008965 // NVD: CVE-2019-13349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13349
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13349
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201909-229
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-13349
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-13349
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2019-008965 // CNNVD: CNNVD-201909-229 // NVD: CVE-2019-13349

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2019-008965 // NVD: CVE-2019-13349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-229

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008965

PATCH

title:	Top Page	url:	https://www.knowage-suite.com/site/home/	Trust: 0.8
title:	Knowage Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97984	Trust: 0.6

sources: JVNDB: JVNDB-2019-008965 // CNNVD: CNNVD-201909-229

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13349	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-008965	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-229	Trust: 0.6

sources: JVNDB: JVNDB-2019-008965 // CNNVD: CNNVD-201909-229 // NVD: CVE-2019-13349

REFERENCES

url:	https://blog.contentsecurity.com.au/knowage-password-hash-disclosure	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13349	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13349	Trust: 0.8

sources: JVNDB: JVNDB-2019-008965 // CNNVD: CNNVD-201909-229 // NVD: CVE-2019-13349

SOURCES

db:	JVNDB	id:	JVNDB-2019-008965
db:	CNNVD	id:	CNNVD-201909-229
db:	NVD	id:	CVE-2019-13349

LAST UPDATE DATE

2024-11-23T22:44:53.791000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-008965	date:	2019-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201909-229	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13349	date:	2024-11-21T04:24:46.177

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-008965	date:	2019-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201909-229	date:	2019-09-05T00:00:00
db:	NVD	id:	CVE-2019-13349	date:	2019-09-05T18:15:24.087