CVE-2019-19611

{"id": "CVE-2019-19611", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-13T19:15:16.993", "references": [{"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19611/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19611/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1"}, {"lang": "es", "value": "Se detect\u00f3 un problema en Halvotec RaQuest versi\u00f3n 10.23.10801.0. Uno de los servicios web expuestos permite a un usuario an\u00f3nimo acceder a la lista de usuarios conectados as\u00ed como a una cookie de sesi\u00f3n de cada usuario. Corregido en la versi\u00f3n 10.24.11206.1"}], "lastModified": "2024-11-21T04:35:03.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:halvotec:raquest:10.23.10801.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96831FD3-6154-49F9-AD61-92F1061C16A7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}