CVE-2019-0130 - OpenCVE

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkstation P920 Firmware Thinkstation P520c Thinkstation P720 Firmware Thinkstation P520 Thinkstation P720 Thinkstation P520 Firmware Thinkstation P520c Firmware Thinkstation P920
Intel	Rapid Storage Technology Enterprise

Configuration 1 [-]

cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/108775	Broken Link Third Party Advisory VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-27843	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2019-06-13T15:36:25

Updated: 2019-06-24T15:33:58

Reserved: 2018-11-13T00:00:00

Link: CVE-2019-0130

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-13T16:29:00.403

Modified: 2023-03-02T16:15:19.037

Link: CVE-2019-0130

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Intel(R) Accelerated Storage Manager in Intel\u00ae Rapid Storage Technology Enterprise Advisory", "vendor": "n/a", "versions": [{"status": "affected", "version": "Version before 5.5.0.2015"}]}], "descriptions": [{"lang": "en", "value": "Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege, Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-24T15:33:58", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"}, {"name": "108775", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108775"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0130", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Accelerated Storage Manager in Intel\u00ae Rapid Storage Technology Enterprise Advisory", "version": {"version_data": [{"version_value": "Version before 5.5.0.2015"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege, Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"}, {"name": "108775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108775"}, {"name": "https://support.lenovo.com/us/en/product_security/LEN-27843", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}]}}}}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0130", "datePublished": "2019-06-13T15:36:25", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2019-06-24T15:33:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "901DA51D-7BEA-4DD6-9ADF-B776D2218C47", "versionEndExcluding": "5.5.0.2015", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BA83987-B0E4-4BF8-8379-43B90420AAFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*", "matchCriteriaId": "6840BC60-44C3-4EA8-96D3-E93796C15310", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6E5525D-2EA6-4226-A6A3-5C1E442720E1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0431D83D-1AC8-4EDE-8568-8695F8E68C35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0530CA83-60EA-422B-B0D1-6193336E0AD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77DF681-F12F-4643-B5E1-1BEDE613E343", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB0B747D-09A0-4FBE-9984-6FDFD38CAADE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*", "matchCriteriaId": "D47FCAA7-B33F-4F00-85BA-AA8ED4790572", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access."}, {"lang": "es", "value": "Un XSS reflejado en la interfaz web para Accelerated Storage Manager de Intel\u00ae en RSTe de Intel\u00ae anterior a versi\u00f3n 5.5.0.2015, puede permitir que un usuario no autenticado pueda habilitar potencialmente la denegaci\u00f3n de servicio por medio de un acceso a la red."}], "id": "CVE-2019-0130", "lastModified": "2023-03-02T16:15:19.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-13T16:29:00.403", "references": [{"source": "secure@intel.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108775"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-27843"}, {"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}