CVE-2019-6139

EPSS 2.13%
Veröffentlicht 07.02.2019 23:29:00
Zuletzt bearbeitet 21.11.2024 04:46:01
Quelle psirt@forcepoint.com
Teams Watchlist Login
Unerledigt Login

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Forcepoint ≫ User Id Version < 1.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.13%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://help.forcepoint.com/security/CVE/CVE-2019-6139.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6139

EUVD