7.4

CVE-2019-14860

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatFuse Version < 7.5.0
RedhatSyndesis Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.17% 0.632
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
secalert@redhat.com 7.4 2.8 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

https://access.redhat.com/errata/RHSA-2019:3892
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860
Vendor Advisory
Issue Tracking