Sign-up

ID

VAR-201912-0141


CVE

CVE-2019-3430


TITLE

ZTE ZXCLOUD GoldenData VAP Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013572

DESCRIPTION

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system. ZTE ZXCLOUD GoldenData VAP is a set of big data solutions of China ZTE Corporation (ZTE). This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.71

sources: NVD: CVE-2019-3430 // JVNDB: JVNDB-2019-013572 // VULHUB: VHN-154865

AFFECTED PRODUCTS

vendor:ztemodel:zxcloud goldendata vapscope:lteversion:zxivs-vap-portal-xzgav4.01.01.02

Trust: 1.0

vendor:ztemodel:zxcloud goldendata vapscope:eqversion:4.01.01.02

Trust: 0.8

vendor:ztemodel:zxcloud goldendata vapscope:eqversion: -

Trust: 0.6

vendor:ztemodel:zxcloud goldendata vapscope:eqversion:zxivs-vap-portal-xzgav4.01.01.02

Trust: 0.6

sources: JVNDB: JVNDB-2019-013572 // CNNVD: CNNVD-201912-1016 // NVD: CVE-2019-3430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3430
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3430
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201912-1016
value: MEDIUM

Trust: 0.6

VULHUB: VHN-154865
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3430
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-154865
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3430
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-3430
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-154865 // JVNDB: JVNDB-2019-013572 // CNNVD: CNNVD-201912-1016 // NVD: CVE-2019-3430

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-154865 // JVNDB: JVNDB-2019-013572 // NVD: CVE-2019-3430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1016

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-1016

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013572

PATCH
title:Three Vulnerabilities in ZTE ZXCLOUD GoldenData VAP Producturl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012023
Trust: 0.8
title:ZTE ZXCLOUD GoldenData VAP Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106119
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-013572 // 
            
            
            
            CNNVD: CNNVD-201912-1016

EXTERNAL IDS
db:NVDid:CVE-2019-3430
Trust: 2.5
db:ZTEid:1012023
Trust: 1.7
db:JVNDBid:JVNDB-2019-013572
Trust: 0.8
db:CNNVDid:CNNVD-201912-1016
Trust: 0.7
db:VULHUBid:VHN-154865
Trust: 0.1
sources:
            
            
            VULHUB: VHN-154865 // 
            
            
            
            JVNDB: JVNDB-2019-013572 // 
            
            
            
            CNNVD: CNNVD-201912-1016 // 
            
            
            
            NVD: CVE-2019-3430

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1012023
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3430
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3430
Trust: 0.8
sources:
            
            
            VULHUB: VHN-154865 // 
            
            
            
            JVNDB: JVNDB-2019-013572 // 
            
            
            
            CNNVD: CNNVD-201912-1016 // 
            
            
            
            NVD: CVE-2019-3430

SOURCES
db:VULHUBid:VHN-154865
db:JVNDBid:JVNDB-2019-013572
db:CNNVDid:CNNVD-201912-1016
db:NVDid:CVE-2019-3430

LAST UPDATE DATE
2024-11-23T22:11:45.378000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-154865date:2019-12-30T00:00:00
db:JVNDBid:JVNDB-2019-013572date:2020-01-09T00:00:00
db:CNNVDid:CNNVD-201912-1016date:2019-12-31T00:00:00
db:NVDid:CVE-2019-3430date:2024-11-21T04:42:05.013

SOURCES RELEASE DATE
db:VULHUBid:VHN-154865date:2019-12-23T00:00:00
db:JVNDBid:JVNDB-2019-013572date:2020-01-09T00:00:00
db:CNNVDid:CNNVD-201912-1016date:2019-12-23T00:00:00
db:NVDid:CVE-2019-3430date:2019-12-23T19:15:11.667