Lucene search

MitreCVE-2019-11819

HistoryMay 08, 2019 - 4:29 p.m.

CVE-2019-11819

2019-05-0816:29:00

CWE-1236

mitre

web.nvd.nist.gov

alkacon

opencms

csv injection

excel macro

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

Affected configurations

Nvd

Node

alkaconopencmsRange≤10.5.4

VendorProductVersionCPE
alkaconopencms*cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alkacon	opencms	*	cpe:2.3:a:alkacon:opencms::::::::

References

github.com/alkacon/opencms-core/issues/636

www.openwall.com/lists/oss-security/2019/05/05/2

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

Related for CVE-2019-11819