CVE-2019-19539 - OpenCVE

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Web Viewpoint T0320 Web Viewpoint T0952 Web Viewpoint T0986

Configuration 1 [-]

OR	cpe:2.3:a:hp:web_viewpoint_t0320::::::::
	cpe:2.3:a:hp:web_viewpoint_t0320::::::::
	cpe:2.3:a:hp:web_viewpoint_t0952:::::plus:::*
	cpe:2.3:a:hp:web_viewpoint_t0952:::::plus:::*
	cpe:2.3:a:hp:web_viewpoint_t0986:::::enterprise:::*
	cpe:2.3:a:hp:web_viewpoint_t0986:::::enterprise:::*

No data.

References

Link	Providers
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T18:06:39

Updated: 2024-08-05T02:16:48.292Z

Reserved: 2019-12-03T00:00:00

Link: CVE-2019-19539

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-27T19:15:11.160

Modified: 2020-02-07T17:11:57.587

Link: CVE-2019-19539

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T18:06:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:16:48.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19539", "datePublished": "2020-01-27T18:06:39", "dateReserved": "2019-12-03T00:00:00", "dateUpdated": "2024-08-05T02:16:48.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:web_viewpoint_t0320:*:*:*:*:*:*:*:*", "matchCriteriaId": "09E6FA05-C08A-48C6-83D0-539CC3582E3B", "versionEndIncluding": "t0320h01\\^aby", "versionStartIncluding": "t0320h01\\^abo", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0320:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC80F89-C8A3-4992-87FB-ED9E5BC2B8F2", "versionEndIncluding": "t0320l01\\^abz", "versionStartIncluding": "t0320l01\\^abp", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0952:*:*:*:*:plus:*:*:*", "matchCriteriaId": "7D6FEE50-D889-4CB7-A915-CB635A98D601", "versionEndIncluding": "t0952h01\\^aaq", "versionStartIncluding": "t0952h01\\^aag", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0952:*:*:*:*:plus:*:*:*", "matchCriteriaId": "569BB034-91E2-4A50-9905-9C56A7B5269A", "versionEndIncluding": "t0952l01\\^aar", "versionStartIncluding": "t0952l01\\^aah", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0986:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8C7B1372-EFBF-414D-90C6-A03D07F05408", "versionEndIncluding": "t0320l01\\^abz", "versionStartIncluding": "t0320l01\\^abp", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:web_viewpoint_t0986:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB7322B4-F7DD-4BD5-AC2A-B4319FBD4085", "versionEndIncluding": "t0986h01\\^aae", "versionStartIncluding": "t0986h01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Idelji Web ViewPoint versiones H01ABO-H01BY y L01ABP-L01ABZ, Web ViewPoint Plus versiones H01AAG-H01AAQ y L01AAH-L01AAR y Web ViewPoint Enterprise versiones H01-H01AAE y L01-L01AAF. Mediante la lectura del contenido del archivo ADB o AADB dentro del subvolumen Installation, un usuario Guardian puede descubrir la contrase\u00f1a de group.user o el alias de quien reconoce los eventos desde la pantalla WVP Events."}], "id": "CVE-2019-19539", "lastModified": "2020-02-07T17:11:57.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T19:15:11.160", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}