// For flags

CVE-2019-3490

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.

Se identificó una vulnerabilidad de tipo XSS basada en DOM en el componente Netstorage de Open Enterprise Server (OES) que permite a un atacante remoto ejecutar javascript en el navegador de víctimas engañando al usuario para que haga clic en un enlace especialmente creado. Esto afecta a las versiones de OES OES2015SP1, OES2018 y OES2018SP1. Las versiones anteriores pueden verse afectadas pero no fueron puestos a prueba porque están fuera de soporte.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-12-31 CVE Reserved
  • 2019-05-02 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
https://support.microfocus.com/kb/doc.php?id=7023828 X_refsource_misc
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microfocus
Search vendor "Microfocus"
 Open Enterprise Server
Search vendor "Microfocus" for product "Open Enterprise Server"
 2015.1
Search vendor "Microfocus" for product "Open Enterprise Server" and version "2015.1"
-
Affected
Microfocus
Search vendor "Microfocus"
 Open Enterprise Server
Search vendor "Microfocus" for product "Open Enterprise Server"
 2018.0
Search vendor "Microfocus" for product "Open Enterprise Server" and version "2018.0"
-
Affected
Microfocus
Search vendor "Microfocus"
 Open Enterprise Server
Search vendor "Microfocus" for product "Open Enterprise Server"
 2018.1
Search vendor "Microfocus" for product "Open Enterprise Server" and version "2018.1"
-
Affected