CVE-2019-19547

{"id": "CVE-2019-19547", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-01-13T16:15:11.297", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/", "source": "secure@symantec.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/", "source": "secure@symantec.com"}, {"url": "https://support.symantec.com/us/en/article.SYMSA1502.html", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."}, {"lang": "es", "value": "Symantec Endpoint Detection and Response (SEDR), versiones anteriores a la versi\u00f3n 4.3.0, puede ser susceptible a un problema de tipo cross site scripting (XSS). Un XSS es un tipo de problema que puede habilitar a atacantes para inyectar scripts del lado del cliente en p\u00e1ginas web visualizadas por otros usuarios. Los atacantes pueden utilizar una vulnerabilidad XSS para omitir potencialmente los controles de acceso, tales como la pol\u00edtica del mismo origen."}], "lastModified": "2023-11-07T03:07:41.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_detection_and_response:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F2AFBC-885E-43D9-A046-55386312653F", "versionEndExcluding": "4.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}