ID
VAR-202002-0468
CVE
CVE-2019-19662
TITLE
Rumpus FTP Server Web File Manager Cross-Site Request Forgery Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2020-04692 //
CNNVD: CNNVD-202002-338
DESCRIPTION
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
Trust: 2.16
sources:
NVD: CVE-2019-19662 //
JVNDB: JVNDB-2019-014622 //
CNVD: CNVD-2020-04692
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04692
AFFECTED PRODUCTS
| vendor: | maxum | model: | rumpus ftp | scope: | eq | version: | 8.2.9.1 | Trust: 1.0 |
| vendor: | maxum | model: | rumpus | scope: | eq | version: | ftp 8.2.9.1 | Trust: 0.8 |
| vendor: | maxum | model: | rumpus ftp server | scope: | eq | version: | 8.2.9.1 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04692 //
JVNDB: JVNDB-2019-014622 //
NVD: CVE-2019-19662
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2020-04692 //
JVNDB: JVNDB-2019-014622 //
CNNVD: CNNVD-202002-338 //
NVD: CVE-2019-19662
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2019-014622 //
NVD: CVE-2019-19662
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202002-338
TYPE
cross-site request forgery
Trust: 0.6
sources:
CNNVD: CNNVD-202002-338
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-014622
PATCH
| title: | Rumpus | url: | https://www.maxum.com/Rumpus/ | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-014622
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-19662 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-014622 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-04692 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202002-338 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04692 //
JVNDB: JVNDB-2019-014622 //
CNNVD: CNNVD-202002-338 //
NVD: CVE-2019-19662
REFERENCES
| url: | https://github.com/harshit-shukla/cve/blob/master/cve-2019-19662.md | Trust: 3.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-19662 | Trust: 2.0 |
| url: | https://github.com/harshit-shukla/cve | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19662 | Trust: 0.8 |
sources:
CNVD: CNVD-2020-04692 //
JVNDB: JVNDB-2019-014622 //
CNNVD: CNNVD-202002-338 //
NVD: CVE-2019-19662
SOURCES
| db: | CNVD | id: | CNVD-2020-04692 |
| db: | JVNDB | id: | JVNDB-2019-014622 |
| db: | CNNVD | id: | CNNVD-202002-338 |
| db: | NVD | id: | CVE-2019-19662 |
LAST UPDATE DATE
2024-11-23T22:48:08.779000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-04692 | date: | 2020-02-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014622 | date: | 2020-03-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-338 | date: | 2021-01-05T00:00:00 |
| db: | NVD | id: | CVE-2019-19662 | date: | 2024-11-21T04:35:08.623 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-04692 | date: | 2020-02-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014622 | date: | 2020-03-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-338 | date: | 2020-02-10T00:00:00 |
| db: | NVD | id: | CVE-2019-19662 | date: | 2020-02-10T17:15:16.257 |