CVE-2019-13517

EPSS 0.22%
Veröffentlicht 06.09.2019 14:15:15
Zuletzt bearbeitet 21.11.2024 04:25:03
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bd ≫ Pyxis Enterprise Server Version >= 4.4 <= 4.12

Bd ≫ Pyxis Es Version >= 1.3.4 <= 1.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://www.us-cert.gov/ics/advisories/icsma-19-248-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-13517

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13517

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13517

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-13517