CVE-2019-15135 - Vulnerability Details - OpenCVE

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00151.

Key SSVC decision points have not yet been added.

Vendors	Products
Omg	Dds Security

Configuration 1 [-]

cpe:2.3:a:omg:dds_security:1.1:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-6203	The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://arxiv.org/abs/1908.05310
https://www.omg.org/spec/DDS-SECURITY/1.1/PDF

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00187}`	epss `{'score': 0.00151}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-18T15:43:21

Updated: 2024-08-05T00:34:53.387Z

Reserved: 2019-08-18T00:00:00

Link: CVE-2019-15135

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-18T16:15:10.330

Modified: 2024-11-21T04:28:07.773

Link: CVE-2019-15135

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-18T15:43:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://arxiv.org/abs/1908.05310"}, {"tags": ["x_refsource_MISC"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://arxiv.org/abs/1908.05310", "refsource": "MISC", "url": "https://arxiv.org/abs/1908.05310"}, {"name": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF", "refsource": "MISC", "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:53.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://arxiv.org/abs/1908.05310"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15135", "datePublished": "2019-08-18T15:43:21", "dateReserved": "2019-08-18T00:00:00", "dateUpdated": "2024-08-05T00:34:53.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:omg:dds_security:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "22816B16-FF23-4C21-AFD4-D27233FBBD77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}, {"lang": "es", "value": "El protocolo de negociaci\u00f3n en Object Management Group (OMG) DDS Security versi\u00f3n 1.1, env\u00eda informaci\u00f3n en texto sin cifrar sobre todas las capacidades de un participante (incluyendo las capacidades no aplicables a la sesi\u00f3n actual), lo que facilita a atacantes descubrir informaci\u00f3n de accesibilidad potencialmente confidencial en una red de Data Distribution Service (DDS)."}], "id": "CVE-2019-15135", "lastModified": "2024-11-21T04:28:07.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-18T16:15:10.330", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://arxiv.org/abs/1908.05310"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://arxiv.org/abs/1908.05310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}