CVE-2019-3428

{"id": "CVE-2019-3428", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-11-22T16:15:12.227", "references": [{"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011863", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users\u2019 information leakage."}, {"lang": "es", "value": "La versi\u00f3n V6.01.03.01 del producto ZTE ZXCDN IAMWEB se ve afectada por una vulnerabilidad de error de configuraci\u00f3n. Un atacante podr\u00eda acceder directamente al portal de administraci\u00f3n en HTTP, lo que provocar\u00eda una fuga de informaci\u00f3n de los usuarios."}], "lastModified": "2024-11-21T04:42:04.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxcdn_iamweb_firmware:6.01.03.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "027ABFAD-32FB-4378-9AE5-256965A298CC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxcdn_iamweb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64BC2B9C-27F5-4A8B-9C5F-5F4413B7ADE6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}