CVE-2019-15749

{"id": "CVE-2019-15749", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-10-07T12:15:11.447", "references": [{"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15749", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.contextis.com/en/resources/advisories/cve-2019-15749", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address."}, {"lang": "es", "value": "SITOS Build seis versi\u00f3n v6.2.1, permite al usuario cambiar su contrase\u00f1a y direcci\u00f3n de correo electr\u00f3nico de recuperaci\u00f3n sin requerir que confirme el cambio con su contrase\u00f1a anterior. Esto permitir\u00eda a un atacante con acceso a la cuenta de la v\u00edctima (por ejemplo, por medio de un ataque de tipo XSS o una estaci\u00f3n de trabajo desatendida) cambiar esa contrase\u00f1a y direcci\u00f3n."}], "lastModified": "2024-11-21T04:29:23.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitos:sitos_six:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "760C0CF6-2D14-4152-AA7E-CAA7667104AE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}