Lucene search

[email protected]NVD:CVE-2019-6034

HistoryDec 26, 2019 - 4:15 p.m.

CVE-2019-6034

2019-12-2616:15:12

CWE-74

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

36.1%

JSON

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.

Affected configurations

Nvd

Node

appleplea-blog_cmsRange2.8.0–2.8.64

appleplea-blog_cmsRange2.9.0–2.9.6

appleplea-blog_cmsRange2.10.0–2.10.23

VendorProductVersionCPE
appleplea-blog_cms*cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
appleple	a-blog_cms	*	cpe:2.3:a:appleple:a-blog_cms::::::::

References

jvn.jp/en/jp/JVN10377257/index.html

developer.a-blogcms.jp/download/legacy.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

36.1%

JSON

Related for NVD:CVE-2019-6034

cve1 prion1 cvelist1 jvn1