CVE-2019-13498 - OpenCVE

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Oneidentity	Cloud Access Manager

Configuration 1 [-]

cpe:2.3:a:oneidentity:cloud_access_manager:8.1.3:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/FurqanKhan1/CVE-2019-13498	Exploit Third Party Advisory
https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-29T16:01:19

Updated: 2019-08-05T14:16:30

Reserved: 2019-07-10T00:00:00

Link: CVE-2019-13498

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-29T17:15:11.527

Modified: 2023-02-28T14:45:01.733

Link: CVE-2019-13498

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oneidentity:cloud_access_manager:8.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "64669248-8278-47F4-B1F4-4A38030AC37F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4."}, {"lang": "es", "value": "One Identity Cloud Access Manager versi\u00f3n 8.1.3, no utiliza HTTP Strict Transport Security (HSTS), lo que puede permitir ataques de tipo man-in-the-middle (MITM). Este problema es corregido en la versi\u00f3n 8.1.4."}], "id": "CVE-2019-13498", "lastModified": "2023-02-28T14:45:01.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-29T17:15:11.527", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FurqanKhan1/CVE-2019-13498"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}