Sign-up

ID

VAR-201909-0689


CVE

CVE-2019-13188


TITLE

Knowage Vulnerabilities in access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-008841

DESCRIPTION

In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. Knowage Contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

Trust: 1.62

sources: NVD: CVE-2019-13188 // JVNDB: JVNDB-2019-008841

AFFECTED PRODUCTS

vendor:engmodel:knowagescope:ltversion:6.4

Trust: 1.0

vendor:knowagemodel:knowagescope:lteversion:6.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-008841 // NVD: CVE-2019-13188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13188
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13188
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-227
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-13188
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-13188
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-008841 // CNNVD: CNNVD-201909-227 // NVD: CVE-2019-13188

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2019-008841 // NVD: CVE-2019-13188

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-227

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-227

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008841

PATCH
title:Top Pageurl:https://www.knowage-suite.com/site/home/
Trust: 0.8
title:Knowage Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97982
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008841 // 
            
            
            
            CNNVD: CNNVD-201909-227

EXTERNAL IDS
db:NVDid:CVE-2019-13188
Trust: 2.4
db:JVNDBid:JVNDB-2019-008841
Trust: 0.8
db:CNNVDid:CNNVD-201909-227
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008841 // 
            
            
            
            CNNVD: CNNVD-201909-227 // 
            
            
            
            NVD: CVE-2019-13188

REFERENCES
url:https://blog.contentsecurity.com.au/knowage-access-control-bypass
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-13188
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13188
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008841 // 
            
            
            
            CNNVD: CNNVD-201909-227 // 
            
            
            
            NVD: CVE-2019-13188

SOURCES
db:JVNDBid:JVNDB-2019-008841
db:CNNVDid:CNNVD-201909-227
db:NVDid:CVE-2019-13188

LAST UPDATE DATE
2024-11-23T22:21:30.998000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-008841date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201909-227date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13188date:2024-11-21T04:24:22.963

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-008841date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201909-227date:2019-09-05T00:00:00
db:NVDid:CVE-2019-13188date:2019-09-05T18:15:18.133