CVE-2019-15135 - OpenCVE

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Omg	Dds Security

Configuration 1 [-]

cpe:2.3:a:omg:dds_security:1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://arxiv.org/abs/1908.05310
https://www.omg.org/spec/DDS-SECURITY/1.1/PDF

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-18T15:43:21

Updated: 2024-08-05T00:34:53.387Z

Reserved: 2019-08-18T00:00:00

Link: CVE-2019-15135

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-18T16:15:10.330

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-15135

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-18T15:43:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://arxiv.org/abs/1908.05310"}, {"tags": ["x_refsource_MISC"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://arxiv.org/abs/1908.05310", "refsource": "MISC", "url": "https://arxiv.org/abs/1908.05310"}, {"name": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF", "refsource": "MISC", "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:53.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://arxiv.org/abs/1908.05310"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15135", "datePublished": "2019-08-18T15:43:21", "dateReserved": "2019-08-18T00:00:00", "dateUpdated": "2024-08-05T00:34:53.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:omg:dds_security:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "22816B16-FF23-4C21-AFD4-D27233FBBD77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network."}, {"lang": "es", "value": "El protocolo de negociaci\u00f3n en Object Management Group (OMG) DDS Security versi\u00f3n 1.1, env\u00eda informaci\u00f3n en texto sin cifrar sobre todas las capacidades de un participante (incluyendo las capacidades no aplicables a la sesi\u00f3n actual), lo que facilita a atacantes descubrir informaci\u00f3n de accesibilidad potencialmente confidencial en una red de Data Distribution Service (DDS)."}], "id": "CVE-2019-15135", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-18T16:15:10.330", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://arxiv.org/abs/1908.05310"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.omg.org/spec/DDS-SECURITY/1.1/PDF"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}