CVE-2019-19539

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.

Se detectó un problema en Idelji Web ViewPoint versiones H01ABO-H01BY y L01ABP-L01ABZ, Web ViewPoint Plus versiones H01AAG-H01AAQ y L01AAH-L01AAR y Web ViewPoint Enterprise versiones H01-H01AAE y L01-L01AAF. Mediante la lectura del contenido del archivo ADB o AADB dentro del subvolumen Installation, un usuario Guardian puede descubrir la contraseña de group.user o el alias de quien reconoce los eventos desde la pantalla WVP Events.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-03 CVE Reserved
2020-01-27 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-522: Insufficiently Protected Credentials

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us	2020-02-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"		Web Viewpoint T0320 Search vendor "Hp" for product "Web Viewpoint T0320"				>= t0320h01\^abo <= t0320h01\^aby Search vendor "Hp" for product "Web Viewpoint T0320" and version " >= t0320h01\^abo <= t0320h01\^aby"		-		Affected
Hp Search vendor "Hp"		Web Viewpoint T0320 Search vendor "Hp" for product "Web Viewpoint T0320"				>= t0320l01\^abp <= t0320l01\^abz Search vendor "Hp" for product "Web Viewpoint T0320" and version " >= t0320l01\^abp <= t0320l01\^abz"		-		Affected
Hp Search vendor "Hp"		Web Viewpoint T0952 Search vendor "Hp" for product "Web Viewpoint T0952"				>= t0952h01\^aag <= t0952h01\^aaq Search vendor "Hp" for product "Web Viewpoint T0952" and version " >= t0952h01\^aag <= t0952h01\^aaq"		plus		Affected
Hp Search vendor "Hp"		Web Viewpoint T0952 Search vendor "Hp" for product "Web Viewpoint T0952"				>= t0952l01\^aah <= t0952l01\^aar Search vendor "Hp" for product "Web Viewpoint T0952" and version " >= t0952l01\^aah <= t0952l01\^aar"		plus		Affected
Hp Search vendor "Hp"		Web Viewpoint T0986 Search vendor "Hp" for product "Web Viewpoint T0986"				>= t0320l01\^abp <= t0320l01\^abz Search vendor "Hp" for product "Web Viewpoint T0986" and version " >= t0320l01\^abp <= t0320l01\^abz"		enterprise		Affected
Hp Search vendor "Hp"		Web Viewpoint T0986 Search vendor "Hp" for product "Web Viewpoint T0986"				>= t0986h01 <= t0986h01\^aae Search vendor "Hp" for product "Web Viewpoint T0986" and version " >= t0986h01 <= t0986h01\^aae"		enterprise		Affected