CVE-2019-19857

{"id": "CVE-2019-19857", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-01-15T23:15:11.777", "references": [{"url": "https://websec.nl/news.php", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://websec.nl/news.php", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Serpico (tambi\u00e9n se conoce como SimplE RePort wrIting and CollaboratiOn tool) versi\u00f3n 1.3.0. Un administrador puede cambiar su contrase\u00f1a sin proporcionar la contrase\u00f1a actual, mediante el uso de interfaces fuera de la pantalla Change Password. Por lo tanto, solicitar al administrador que ingrese un valor Old Password en la pantalla Change Password no mejora la seguridad. Esto es problem\u00e1tico en conjunto con un ataque de tipo XSS."}], "lastModified": "2024-11-21T04:35:32.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:serpico_project:serpico:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B0682FF-A9EC-4DE4-AF14-7956F3DB2800"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}