Sign-up

ID

VAR-202006-0747


CVE

CVE-2019-16245


TITLE

OMERO Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015672

DESCRIPTION

OMERO before 5.6.1 makes the details of each user available to all users. OMERO There is an information leakage vulnerability in.Information may be obtained. OMERO.server is an image server of the Open Microscopy Environment team. There are security vulnerabilities in OMERO.server versions before 5.6.1

Trust: 2.16

sources: NVD: CVE-2019-16245 // JVNDB: JVNDB-2019-015672 // CNVD: CNVD-2021-20273

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20273

AFFECTED PRODUCTS

vendor:openmicroscopymodel:omeroscope:ltversion:5.6.1

Trust: 1.0

vendor:open microscopy environmentmodel:omeroscope:eqversion:5.6.1

Trust: 0.8

vendor:openmodel:microscopy environment omero.serverscope:ltversion:5.6.1

Trust: 0.6

sources: CNVD: CNVD-2021-20273 // JVNDB: JVNDB-2019-015672 // NVD: CVE-2019-16245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16245
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015672
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-20273
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1190
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-16245
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015672
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-20273
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16245
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015672
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20273 // JVNDB: JVNDB-2019-015672 // CNNVD: CNNVD-202006-1190 // NVD: CVE-2019-16245

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-015672 // NVD: CVE-2019-16245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1190

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1190

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015672

PATCH
title:2019-SV3 User Privacyurl:https://www.openmicroscopy.org/security/advisories/2019-SV3/
Trust: 0.8
title:Patch for OMERO.server information disclosure vulnerability (CNVD-2021-20273)url:https://www.cnvd.org.cn/patchInfo/show/253781
Trust: 0.6
title:OMERO.server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122556
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20273 // 
            
            
            
            JVNDB: JVNDB-2019-015672 // 
            
            
            
            CNNVD: CNNVD-202006-1190

EXTERNAL IDS
db:NVDid:CVE-2019-16245
Trust: 3.0
db:JVNDBid:JVNDB-2019-015672
Trust: 0.8
db:CNVDid:CNVD-2021-20273
Trust: 0.6
db:CNNVDid:CNNVD-202006-1190
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20273 // 
            
            
            
            JVNDB: JVNDB-2019-015672 // 
            
            
            
            CNNVD: CNNVD-202006-1190 // 
            
            
            
            NVD: CVE-2019-16245

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-16245
Trust: 2.0
url:https://www.openmicroscopy.org/security/advisories/2019-sv3/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16245
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-20273 // 
            
            
            
            JVNDB: JVNDB-2019-015672 // 
            
            
            
            CNNVD: CNNVD-202006-1190 // 
            
            
            
            NVD: CVE-2019-16245

SOURCES
db:CNVDid:CNVD-2021-20273
db:JVNDBid:JVNDB-2019-015672
db:CNNVDid:CNNVD-202006-1190
db:NVDid:CVE-2019-16245

LAST UPDATE DATE
2024-11-23T22:05:37.255000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-20273date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2019-015672date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1190date:2020-06-30T00:00:00
db:NVDid:CVE-2019-16245date:2024-11-21T04:30:22.523

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-20273date:2021-03-19T00:00:00
db:JVNDBid:JVNDB-2019-015672date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1190date:2020-06-17T00:00:00
db:NVDid:CVE-2019-16245date:2020-06-17T17:15:10.347