CVE-2019-7312 - OpenCVE

Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Primx	Zed Zedmail Zonecentral

Configuration 1 [-]

OR	cpe:2.3:a:primx:zed:::::free:windows::
	cpe:2.3:a:primx:zed:::::pro:windows::
	cpe:2.3:a:primx:zed:::::free:linux::
	cpe:2.3:a:primx:zed:::::free:mac::
	cpe:2.3:a:primx:zed:::::pro:linux::
	cpe:2.3:a:primx:zed:::::pro:mac::
	cpe:2.3:a:primx:zed:::::entreprise:linux::
	cpe:2.3:a:primx:zed:::::entreprise:mac::
	cpe:2.3:a:primx:zed:::::entreprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-19110545	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:19:30

Updated: 2022-10-03T16:19:30

Reserved: 2022-10-03T00:00:00

Link: CVE-2019-7312

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-03T08:29:00.293

Modified: 2019-02-26T16:19:38.243

Link: CVE-2019-7312

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:19:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.primx.eu/en/bulletins/security-bulletin-19110545", "refsource": "MISC", "url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7312", "datePublished": "2022-10-03T16:19:30", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:19:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:windows:*:*", "matchCriteriaId": "4DC7B453-8DA5-4764-A4FD-77FB06E98737", "versionEndExcluding": "1.0.195", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:windows:*:*", "matchCriteriaId": "A5C990BE-473E-4471-BECE-210902EF8F04", "versionEndExcluding": "1.0.195", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:linux:*:*", "matchCriteriaId": "60B2C638-AD0A-4C93-ACA3-1BDAC971F2E1", "versionEndExcluding": "1.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:mac:*:*", "matchCriteriaId": "93EA97A8-DD10-4F1C-9356-BDB503B6AE91", "versionEndExcluding": "1.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:linux:*:*", "matchCriteriaId": "E4086B4A-B6C4-4EE2-8A69-DFDBC9DA6D03", "versionEndExcluding": "1.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:mac:*:*", "matchCriteriaId": "D45A9E55-703D-4A17-8EAE-B96B91DF2D1A", "versionEndExcluding": "1.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:linux:*:*", "matchCriteriaId": "DFD43D83-1DBF-4F41-90CA-585109597003", "versionEndExcluding": "2.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:mac:*:*", "matchCriteriaId": "F8EAE130-AE29-48FB-A156-C1E1D8C176C6", "versionEndExcluding": "2.0.199", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:windows:*:*", "matchCriteriaId": "64372E28-DDC9-4DFC-AF2F-B46CBF74E066", "versionEndExcluding": "6.1.2240", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9AC207CC-0888-47ED-A8EE-260D1C71BF33", "versionEndExcluding": "6.1.2240", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CCA5A62E-8D4C-4BD5-9AB0-9CAB5DABFE28", "versionEndExcluding": "6.1.2240", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."}, {"lang": "es", "value": "Existe la divulgaci\u00f3n de texto plano limitada en PRIMX Zed Entreprise para Windows, en versiones anteriores a la 6.1.2240, en Zed Entreprise para Windows [env\u00edo de calificaci\u00f3n ANSSI] en versiones anteriores a la 6.1.2150, en Zed Entreprise para Mac en versiones 2.0.199, en Zed Entreprise para Linux en versiones 2.0.199, en Zed Pro para Windows en versiones anteriores a la 1.0.195, en Zed Pro para Mac en versiones anteriores a la 1.0.199, en Zed Pro para Linux en versiones anteriores a la 1.0.199, en Zed Free para Windows en versiones anteriores a la 1.0.195, en Zed Free para Mac en versiones anteriores a la 1.0.199 y en Zed Free para Linux en versiones anteriores a la 1.0.199. El an\u00e1lisis de un contenedor Zed puede conducir a la divulgaci\u00f3n del contenido de texto plano de archivos muy peque\u00f1os (unos pocos bytes) almacenados en dicho contenedor."}], "id": "CVE-2019-7312", "lastModified": "2019-02-26T16:19:38.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-03T08:29:00.293", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}