CVE-2019-19539 - OpenCVE

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Web Viewpoint T0986 Web Viewpoint T0320 Web Viewpoint T0952

Configuration 1 [-]

OR	cpe:2.3:a:hp:web_viewpoint_t0320::::::::
	cpe:2.3:a:hp:web_viewpoint_t0320::::::::
	cpe:2.3:a:hp:web_viewpoint_t0952:::::plus:::*
	cpe:2.3:a:hp:web_viewpoint_t0952:::::plus:::*
	cpe:2.3:a:hp:web_viewpoint_t0986:::::enterprise:::*
	cpe:2.3:a:hp:web_viewpoint_t0986:::::enterprise:::*

References

Link	Resource
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T18:06:39

Updated: 2020-01-27T18:06:39

Reserved: 2019-12-03T00:00:00

Link: CVE-2019-19539

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T19:15:11.160

Modified: 2020-02-07T17:11:57.587

Link: CVE-2019-19539

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T18:06:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19539", "datePublished": "2020-01-27T18:06:39", "dateReserved": "2019-12-03T00:00:00", "dateUpdated": "2020-01-27T18:06:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:web_viewpoint_t0320:*:*:*:*:*:*:*:*", "matchCriteriaId": "09E6FA05-C08A-48C6-83D0-539CC3582E3B", "versionEndIncluding": "t0320h01\\^aby", "versionStartIncluding": "t0320h01\\^abo", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0320:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC80F89-C8A3-4992-87FB-ED9E5BC2B8F2", "versionEndIncluding": "t0320l01\\^abz", "versionStartIncluding": "t0320l01\\^abp", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0952:*:*:*:*:plus:*:*:*", "matchCriteriaId": "7D6FEE50-D889-4CB7-A915-CB635A98D601", "versionEndIncluding": "t0952h01\\^aaq", "versionStartIncluding": "t0952h01\\^aag", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0952:*:*:*:*:plus:*:*:*", "matchCriteriaId": "569BB034-91E2-4A50-9905-9C56A7B5269A", "versionEndIncluding": "t0952l01\\^aar", "versionStartIncluding": "t0952l01\\^aah", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0986:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8C7B1372-EFBF-414D-90C6-A03D07F05408", "versionEndIncluding": "t0320l01\\^abz", "versionStartIncluding": "t0320l01\\^abp", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0986:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB7322B4-F7DD-4BD5-AC2A-B4319FBD4085", "versionEndIncluding": "t0986h01\\^aae", "versionStartIncluding": "t0986h01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Idelji Web ViewPoint versiones H01ABO-H01BY y L01ABP-L01ABZ, Web ViewPoint Plus versiones H01AAG-H01AAQ y L01AAH-L01AAR y Web ViewPoint Enterprise versiones H01-H01AAE y L01-L01AAF. Mediante la lectura del contenido del archivo ADB o AADB dentro del subvolumen Installation, un usuario Guardian puede descubrir la contrase\u00f1a de group.user o el alias de quien reconoce los eventos desde la pantalla WVP Events."}], "id": "CVE-2019-19539", "lastModified": "2020-02-07T17:11:57.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T19:15:11.160", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}