CVE-2019-5492 - OpenCVE

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Element Plug-in For Vcenter Server Hyper Converged Infrastructure Compute Node

Configuration 1 [-]

cpe:2.3:a:netapp:hyper_converged_infrastructure_compute_node:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108105
https://security.netapp.com/advisory/ntap-20190426-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2019-04-29T13:49:33

Updated: 2024-08-04T19:54:53.568Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5492

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-29T14:29:00.757

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5492

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Element Plug-in for vCenter Server", "vendor": "NetApp, Inc.", "versions": [{"status": "affected", "version": "Prior to 4.2.3"}]}], "datePublic": "2019-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server."}], "problemTypes": [{"descriptions": [{"description": "Sensitive Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-30T15:06:02", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190426-0001/"}, {"name": "108105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108105"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "ID": "CVE-2019-5492", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Element Plug-in for vCenter Server", "version": {"version_data": [{"version_value": "Prior to 4.2.3"}]}}]}, "vendor_name": "NetApp, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Sensitive Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/ntap-20190426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190426-0001/"}, {"name": "108105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108105"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:54:53.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190426-0001/"}, {"name": "108105", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108105"}]}]}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2019-5492", "datePublished": "2019-04-29T13:49:33", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T19:54:53.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure_compute_node:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC8F9626-FC05-4A7C-9E14-1B219F10BC1C", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3967436B-B63B-4F02-8E29-EEA4E36B9CD4", "versionEndExcluding": "4.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server."}, {"lang": "es", "value": "El componente Plug-in para vCenter Server, en versiones anteriores a 4.2.3, puede revelar informaci\u00f3n confidencial de la cuenta a un atacante no autenticado. NetApp HCI Compute Node en las versiones anteriores a 1.4P2 incluyen versiones afectadas de Element Plug-in para vCenter Server."}], "id": "CVE-2019-5492", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-29T14:29:00.757", "references": [{"source": "security-alert@netapp.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/108105"}, {"source": "security-alert@netapp.com", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190426-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}