ID
VAR-202002-0472
CVE
CVE-2019-19666
TITLE
Rumpus FTP Cross-site request forgery vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2019-014498
DESCRIPTION
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client
Trust: 2.16
sources:
NVD: CVE-2019-19666 //
JVNDB: JVNDB-2019-014498 //
CNVD: CNVD-2020-04695
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04695
AFFECTED PRODUCTS
| vendor: | maxum | model: | rumpus ftp | scope: | eq | version: | 8.2.9.1 | Trust: 1.0 |
| vendor: | maxum | model: | rumpus | scope: | eq | version: | ftp 8.2.9.1 | Trust: 0.8 |
| vendor: | maxum | model: | rumpus ftp server | scope: | eq | version: | 8.2.9.1 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04695 //
JVNDB: JVNDB-2019-014498 //
NVD: CVE-2019-19666
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2020-04695 //
JVNDB: JVNDB-2019-014498 //
CNNVD: CNNVD-202002-341 //
NVD: CVE-2019-19666
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2019-014498 //
NVD: CVE-2019-19666
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202002-341
TYPE
cross-site request forgery
Trust: 0.6
sources:
CNNVD: CNNVD-202002-341
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-014498
PATCH
| title: | Rumpus | url: | https://www.maxum.com/Rumpus/ | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-014498
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-19666 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-014498 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-04695 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202002-341 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-04695 //
JVNDB: JVNDB-2019-014498 //
CNNVD: CNNVD-202002-341 //
NVD: CVE-2019-19666
REFERENCES
| url: | https://github.com/harshit-shukla/cve/blob/master/cve-2019-19666.md | Trust: 3.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-19666 | Trust: 2.0 |
| url: | https://github.com/harshit-shukla/cve | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19666 | Trust: 0.8 |
sources:
CNVD: CNVD-2020-04695 //
JVNDB: JVNDB-2019-014498 //
CNNVD: CNNVD-202002-341 //
NVD: CVE-2019-19666
SOURCES
| db: | CNVD | id: | CNVD-2020-04695 |
| db: | JVNDB | id: | JVNDB-2019-014498 |
| db: | CNNVD | id: | CNNVD-202002-341 |
| db: | NVD | id: | CVE-2019-19666 |
LAST UPDATE DATE
2024-11-23T23:04:29.186000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-04695 | date: | 2020-02-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014498 | date: | 2020-02-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-341 | date: | 2021-01-05T00:00:00 |
| db: | NVD | id: | CVE-2019-19666 | date: | 2024-11-21T04:35:09.217 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-04695 | date: | 2020-02-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014498 | date: | 2020-02-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-341 | date: | 2020-02-10T00:00:00 |
| db: | NVD | id: | CVE-2019-19666 | date: | 2020-02-10T18:15:11.953 |