CVE-2019-6008 - Vulnerability Details

Vendors	Products
Yokogawa	Exaopc Exaplog Exaquantum Exaquantum\/batch Exarqe Exasmoc Ga10 Insightsuiteae

Link	Providers
http://jvn.jp/vu/JVNVU98228725/index.html
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Multiple Yokogawa products for Windows", "vendor": "Yokogawa Electric Corporation", "versions": [{"status": "affected", "version": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and  R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"}]}], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}], "problemTypes": [{"descriptions": [{"description": "Unquoted Search Path or Element", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-26T15:16:49", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2019-6008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Multiple Yokogawa products for Windows", "version": {"version_data": [{"version_value": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and  R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"}]}}]}, "vendor_name": "Yokogawa Electric Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/", "refsource": "MISC", "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"name": "http://jvn.jp/vu/JVNVU98228725/index.html", "refsource": "MISC", "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:09:24.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2019-6008", "datePublished": "2019-12-26T15:16:49", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:09:24.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Multiple Yokogawa products for Windows (string)

vendor : Yokogawa Electric Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00) (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Unquoted Search Path or Element (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-12-26T15:16:49 (string)

orgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

shortName : jpcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://jvn.jp/vu/JVNVU98228725/index.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vultures@jpcert.or.jp (string)

ID : CVE-2019-6008 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Multiple Yokogawa products for Windows (string)

version : { »

version_data : [ »

0 : { »

version_value : Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00) (string)

}

]

}

]

}

vendor_name : Yokogawa Electric Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Unquoted Search Path or Element (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

refsource : MISC (string)

url : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

}

1 : { »

name : http://jvn.jp/vu/JVNVU98228725/index.html (string)

refsource : MISC (string)

url : http://jvn.jp/vu/JVNVU98228725/index.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:09:24.050Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://jvn.jp/vu/JVNVU98228725/index.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

assignerShortName : jpcert (string)

cveId : CVE-2019-6008 (string)

datePublished : 2019-12-26T15:16:49 (string)

dateReserved : 2019-01-10T00:00:00 (string)

dateUpdated : 2024-08-04T20:09:24.050Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*", "matchCriteriaId": "91D6B3D6-E908-4E19-AB94-5498B12ED834", "versionEndIncluding": "r3.77.00", "versionStartIncluding": "r1.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D99F269-84E5-4DC1-B17E-D3288138959F", "versionEndIncluding": "r3.30.00", "versionStartIncluding": "r1.10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F2F5BE9D-2150-4EEC-B749-E2F552653293", "versionEndIncluding": "r3.02.00", "versionStartIncluding": "r1.10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:windows:*:*", "matchCriteriaId": "95A37F00-92D1-4437-86E3-16606C700169", "versionEndIncluding": "r2.50.40", "versionStartIncluding": "r1.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A0563434-02C4-45D2-B119-5586F823281D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2CC76876-D26E-4DE8-8403-4676A2B41923", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*", "matchCriteriaId": "859D7D36-8EAF-4368-93B0-5891DD1A14B0", "versionEndIncluding": "r3.05.01", "versionStartIncluding": "r1.01.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4996F8C8-E3BD-425B-AD64-14A98786A2C1", "versionEndIncluding": "r1.06.00", "versionStartIncluding": "r1.01.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda sin comillas en varios productos de Yokogawa para Windows (Exaopc (R1.01.00 hasta R3.77.00), Exaplog (R1.10.00 hasta R3.40.00), Exaquantum (R1.10.00 hasta R3.02.00 y R3.15.00), Exaquantum/Batch (R1.01.00 hasta R2.50.40), Exasmoc (todas las revisiones), Exarqe (todas las revisiones), GA10 (R1.01.01 hasta R3.05.01) e InsightSuiteAE (R1.01.00 hasta R1.06.00)), permite a usuarios locales alcanzar privilegios por medio de un archivo ejecutable de tipo caballo de Troya y ejecutar c\u00f3digo arbitrario con privilegios elevados."}], "id": "CVE-2019-6008", "lastModified": "2024-11-21T04:45:54.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-26T16:15:10.967", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 91D6B3D6-E908-4E19-AB94-5498B12ED834 (string)

versionEndIncluding : r3.77.00 (string)

versionStartIncluding : r1.01.00 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 6D99F269-84E5-4DC1-B17E-D3288138959F (string)

versionEndIncluding : r3.30.00 (string)

versionStartIncluding : r1.10.00 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : F2F5BE9D-2150-4EEC-B749-E2F552653293 (string)

versionEndIncluding : r3.02.00 (string)

versionStartIncluding : r1.10.00 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:yokogawa:exaquantum\/batch:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 95A37F00-92D1-4437-86E3-16606C700169 (string)

versionEndIncluding : r2.50.40 (string)

versionStartIncluding : r1.01.00 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : A0563434-02C4-45D2-B119-5586F823281D (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 2CC76876-D26E-4DE8-8403-4676A2B41923 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 859D7D36-8EAF-4368-93B0-5891DD1A14B0 (string)

versionEndIncluding : r3.05.01 (string)

versionStartIncluding : r1.01.01 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 4996F8C8-E3BD-425B-AD64-14A98786A2C1 (string)

versionEndIncluding : r1.06.00 (string)

versionStartIncluding : r1.01.00 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de ruta de búsqueda sin comillas en varios productos de Yokogawa para Windows (Exaopc (R1.01.00 hasta R3.77.00), Exaplog (R1.10.00 hasta R3.40.00), Exaquantum (R1.10.00 hasta R3.02.00 y R3.15.00), Exaquantum/Batch (R1.01.00 hasta R2.50.40), Exasmoc (todas las revisiones), Exarqe (todas las revisiones), GA10 (R1.01.01 hasta R3.05.01) e InsightSuiteAE (R1.01.00 hasta R1.06.00)), permite a usuarios locales alcanzar privilegios por medio de un archivo ejecutable de tipo caballo de Troya y ejecutar código arbitrario con privilegios elevados. (string)

}

]

id : CVE-2019-6008 (string)

lastModified : 2024-11-21T04:45:54.310 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-12-26T16:15:10.967 (string)

references : [ »

0 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://jvn.jp/vu/JVNVU98228725/index.html (string)

}

1 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://jvn.jp/vu/JVNVU98228725/index.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ (string)

}

]

sourceIdentifier : vultures@jpcert.or.jp (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-428 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object