CVE-2019-10855

{"id": "CVE-2019-10855", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-23T19:29:01.027", "references": [{"url": "https://applied-risk.com/index.php/download_file/view/196/165", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://applied-risk.com/labs/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://applied-risk.com/index.php/download_file/view/196/165", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://applied-risk.com/labs/advisories", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database."}, {"lang": "es", "value": "En Computrols CBAS versi\u00f3n 18.0.0 hay un mal manejo del Hash de contrase\u00f1as. Consiste en MD5 con un prefijo pw, es decir, si la contrase\u00f1a es admin, calcular\u00e1 el hash MD5 de pwadmin y lo guardar\u00e1 en una base de datos MySQL."}], "lastModified": "2024-11-21T04:19:59.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:computrols:computrols_building_automation_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B187FAA0-39C0-4716-9319-83132BA6EB31", "versionEndIncluding": "19.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}