CVE-2017-15044

{"id": "CVE-2017-15044", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-21T13:29:00.217", "references": [{"url": "http://www.securityfocus.com/archive/1/541548", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface."}, {"lang": "es", "value": "La instalaci\u00f3n por defecto del servidor DocuWare Fulltext Search hasta la versi\u00f3n 6.11 permite que los usuarios remotos se conecten y descarguen texto que se podr\u00eda buscar desde el servicio Solr embebido, omitiendo las caracter\u00edsticas de control de acceso de la API y las interfaces de usuario de DocuWare. Un atacante tambi\u00e9n podr\u00eda obtener privilegios modificando el texto. La instalaci\u00f3n por defecto es insegura porque el servidor escucha en la interfaz de red, no en la interfaz del host local."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docuware:fulltext_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50E35843-D942-4477-BC36-3AACFBF71C28", "versionEndIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}