CVE-2019-20002

{"id": "CVE-2019-20002", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-04-27T15:15:12.297", "references": [{"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1", "source": "cve@mitre.org"}, {"url": "https://medium.com/%40ayaan.saikia91/formula-injection-vulnerability-on-solarwinds-webhelpdesk-12-7-1-37569cd4cdc1", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user."}, {"lang": "es", "value": "Una Injection de Formula existe en la funcionalidad de exportaci\u00f3n en SolarWinds WebHelpDesk versi\u00f3n 12.7.1, mediante un valor (proporcionado por un usuario poco privilegiado en el campo Subject de un formulario de petici\u00f3n de ayuda) que se maneja inapropiadamente en una exportaci\u00f3n TSV de TicketActions/view?tab=group por parte de un usuario administrador."}], "lastModified": "2024-11-21T04:37:51.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:webhelpdesk:12.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "828F2B91-097B-4721-A7B7-0CE047DC28D1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}