10

CVE-2019-19015

Exploit

EPSS 1.11%
Veröffentlicht 02.12.2019 17:15:12
Zuletzt bearbeitet 21.11.2024 04:33:59
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Titanhq ≫ Webtitan Version < 5.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.775

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://write-up.github.io/webtitan/

Third Party Advisory

Exploit

https://www.webtitan.com/resources/product-updates/

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-19015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19015

EUVD