{"containers": {"cna": {"affected": [{"product": "Business-central", "vendor": "n/a", "versions": [{"status": "affected", "version": "versions up to and including business-central-webapp-7.48.0"}]}], "descriptions": [{"lang": "en", "value": "It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748178"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.124Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748178"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14839", "datePublished": "2022-04-01T22:17:27", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.124Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:business-central:*:*:*:*:*:*:*:*", "matchCriteriaId": "038BA144-DD6C-4E76-AA9B-00AAB7CC7249", "versionEndIncluding": "7.48.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5863BBF-829E-44EF-ACE8-61D5037251F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc."}, {"lang": "es", "value": "Se ha observado que mientras es accedido a la consola de Business-central, una petici\u00f3n HTTP divulga informaci\u00f3n confidencial como el nombre de usuario y la contrase\u00f1a cuando es interceptada usando alguna herramienta como burp suite, etc"}], "id": "CVE-2019-14839", "lastModified": "2024-11-21T04:27:28.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-01T23:15:08.533", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748178"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Business-central: HTTP Request interception disclose sensitive information like username and password", "id": "1748178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748178"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.", "A flaw was found in Business Central. When logging into the Business-central console, the HTTP request discloses sensitive information such as the username and password. This issue occurs when intercepted with tools like Burp Suite, etc."], "name": "CVE-2019-14839", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Affected", "impact": "moderate", "package_name": "Business-central", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Affected", "impact": "moderate", "package_name": "Business-central", "product_name": "Red Hat Process Automation 7"}], "public_date": "2021-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14839\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14839"], "threat_severity": "Moderate"}