Vulnerability CVE-2019-0102


Published: 2019-02-18

Description:
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Type:

CWE-384

(Session Fixation)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
6.4/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/107069
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html

Copyright 2019, cxsecurity.com

 

Back to Top