5.3
CVE-2019-10246
- EPSS 1.7%
- Published 22.04.2019 20:29:00
- Last modified 21.11.2024 04:18:44
- Source emo@eclipse.org
- Teams watchlist Login
- Open Login
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
Data is provided by the National Vulnerability Database (NVD)
Netapp ≫ Oncommand System Manager Version >= 3.0 <= 3.1.3
Netapp ≫ Snap Creator Framework Version-
Netapp ≫ Snapcenter Version-
Netapp ≫ Snapmanager Version- Update- SwPlatformoracle
Netapp ≫ Snapmanager Version- Update- SwPlatformsap
Netapp ≫ Storage Replication Adapter For Clustered Data Ontap SwPlatformvmware_vsphere Version >= 9.6
Netapp ≫ Storage Services Connector Version-
Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 9.6
Netapp ≫ Vasa Provider For Clustered Data Ontap Version-
Netapp ≫ Virtual Storage Console SwPlatformvmware_vsphere Version >= 9.6
Netapp ≫ Virtual Storage Console Version9.6
Oracle ≫ Communications Analytics Version12.1.1
Oracle ≫ Communications Element Manager Version8.0.0
Oracle ≫ Communications Element Manager Version8.1.0
Oracle ≫ Communications Element Manager Version8.1.1
Oracle ≫ Communications Element Manager Version8.2.0
Oracle ≫ Communications Services Gatekeeper Version6.0
Oracle ≫ Communications Services Gatekeeper Version6.1
Oracle ≫ Communications Services Gatekeeper Version7.0
Oracle ≫ Communications Session Report Manager Version8.0.0
Oracle ≫ Communications Session Report Manager Version8.1.0
Oracle ≫ Communications Session Report Manager Version8.1.1
Oracle ≫ Communications Session Report Manager Version8.2.0
Oracle ≫ Communications Session Route Manager Version8.0.0
Oracle ≫ Communications Session Route Manager Version8.1.0
Oracle ≫ Communications Session Route Manager Version8.1.1
Oracle ≫ Communications Session Route Manager Version8.2.0
Oracle ≫ Data Integrator Version12.2.1.3.0
Oracle ≫ Data Integrator Version12.2.1.4.0
Oracle ≫ Endeca Information Discovery Integrator Version3.2.0
Oracle ≫ Enterprise Manager Base Platform Version13.2
Oracle ≫ Enterprise Manager Base Platform Version13.3
Oracle ≫ Flexcube Core Banking Version >= 11.5.0 <= 11.7.0
Oracle ≫ Flexcube Core Banking Version5.2.0
Oracle ≫ Flexcube Private Banking Version12.0.0
Oracle ≫ Flexcube Private Banking Version12.1.0
Oracle ≫ Hospitality Guest Access Version4.2.0
Oracle ≫ Hospitality Guest Access Version4.2.1
Oracle ≫ Rest Data Services Version11.2.0.4 SwEdition-
Oracle ≫ Rest Data Services Version12.1.0.2 SwEdition-
Oracle ≫ Rest Data Services Version12.2.0.1 SwEdition-
Oracle ≫ Rest Data Services Version18c SwEdition-
Oracle ≫ Retail Xstore Point Of Service Version7.1
Oracle ≫ Retail Xstore Point Of Service Version15.0
Oracle ≫ Retail Xstore Point Of Service Version16.0
Oracle ≫ Retail Xstore Point Of Service Version17.0
Oracle ≫ Unified Directory Version12.2.1.3.0
Oracle ≫ Unified Directory Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.7% | 0.817 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-213 Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.