CVE-2019-6534 - OpenCVE

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gemalto	Sentinel Ultrapro Client Library

Configuration 1 [-]

OR	cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.0:::::::*
	cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.1:::::::*
	cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.2:::::::*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01
https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2019-04-11T20:38:50

Updated: 2024-08-04T20:23:21.993Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6534

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-11T21:29:00.983

Modified: 2023-01-31T21:03:51.297

Link: CVE-2019-6534

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Sentinel UltraPro", "vendor": "Gemalto", "versions": [{"status": "affected", "version": "Client Library ux32w.dll Version 1.3.0"}, {"status": "affected", "version": "Client Library ux32w.dll Version 1.3.1"}, {"status": "affected", "version": "Client Library ux32w.dll Version 1.3.2"}]}], "datePublic": "2019-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-11T20:38:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01"}, {"tags": ["x_refsource_MISC"], "url": "https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6534", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sentinel UltraPro", "version": {"version_data": [{"version_value": "Client Library ux32w.dll Version 1.3.0"}, {"version_value": "Client Library ux32w.dll Version 1.3.1"}, {"version_value": "Client Library ux32w.dll Version 1.3.2"}]}}]}, "vendor_name": "Gemalto"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01"}, {"name": "https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694", "refsource": "MISC", "url": "https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694"}, {"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf", "refsource": "CONFIRM", "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6534", "datePublished": "2019-04-11T20:38:50", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E68323B-BA26-43F9-B62F-4D1AA48AA311", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "741DF642-8A3F-4CF3-ADAF-4BE5973D0C59", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ultrapro_client_library:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F29B65D6-8174-4652-9292-0734A3458327", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file."}, {"lang": "es", "value": "La vulnerabilidad del elemento path de b\u00fasqueda no controlada en la librer\u00eda ux32w.dll de Gemalto Sentinel UltraPro Client, versiones 1.3.0, 1.3.1 y 1.3.2 permite a un atacante cargar y ejecutar un archivo malicioso."}], "id": "CVE-2019-6534", "lastModified": "2023-01-31T21:03:51.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-11T21:29:00.983", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://supportportal.gemalto.com/csm?id=kb_article_view&sysparm_article=KB0017694"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory"], "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec131.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}