CVE-2019-19660

{"id": "CVE-2019-19660", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-02-10T16:15:14.033", "references": [{"url": "https://github.com/harshit-shukla/CVE", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://raw.githubusercontent.com/harshit-shukla/CVE/master/CVE-2019-19660.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/harshit-shukla/CVE", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://raw.githubusercontent.com/harshit-shukla/CVE/master/CVE-2019-19660.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo CSRF en la funcionalidad Network Setting de Web File Manager de Rumpus FTP Server versi\u00f3n 8.2.9.1. Mediante su explotaci\u00f3n, un atacante puede manipular la configuraci\u00f3n SMTP y otras configuraciones de red por medio del archivo RAPR/NetworkSettingsSet.html."}], "lastModified": "2024-11-21T04:35:08.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maxum:rumpus:8.2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1600FDD4-22B1-4D5E-994A-43DFBB86C31E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}