Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities by prise
CVE-2019-15089 (GCVE-0-2019-15089)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:43 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:43:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15089",
"datePublished": "2019-09-20T13:43:08.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15088 (GCVE-0-2019-15088)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:42 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15088",
"datePublished": "2019-09-20T13:42:40.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15087 (GCVE-0-2019-15087)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:42 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15087",
"datePublished": "2019-09-20T13:42:17.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15086 (GCVE-0-2019-15086)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:41 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15086",
"datePublished": "2019-09-20T13:41:46.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15085 (GCVE-0-2019-15085)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:41 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:41:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15085",
"datePublished": "2019-09-20T13:41:12.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14916 (GCVE-0-2019-14916)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:40 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. A file\u0027s format is not properly checked, leading to an unrestricted file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:40:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. A file\u0027s format is not properly checked, leading to an unrestricted file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14916",
"datePublished": "2019-09-20T13:40:18.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14915 (GCVE-0-2019-14915)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:39 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:40:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14915",
"datePublished": "2019-09-20T13:39:54.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14914 (GCVE-0-2019-14914)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:39 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:39:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14914",
"datePublished": "2019-09-20T13:39:25.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14913 (GCVE-0-2019-14913)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:38 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:38:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14913",
"datePublished": "2019-09-20T13:38:48.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14912 (GCVE-0-2019-14912)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:38 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:38:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14912",
"datePublished": "2019-09-20T13:38:15.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14911 (GCVE-0-2019-14911)
Vulnerability from cvelistv5 – Published: 2019-09-20 13:37 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:37:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14911",
"datePublished": "2019-09-20T13:37:37.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15089 (GCVE-0-2019-15089)
Vulnerability from nvd – Published: 2019-09-20 13:43 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:43:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15089",
"datePublished": "2019-09-20T13:43:08.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15088 (GCVE-0-2019-15088)
Vulnerability from nvd – Published: 2019-09-20 13:42 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15088",
"datePublished": "2019-09-20T13:42:40.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15087 (GCVE-0-2019-15087)
Vulnerability from nvd – Published: 2019-09-20 13:42 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15087",
"datePublished": "2019-09-20T13:42:17.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15086 (GCVE-0-2019-15086)
Vulnerability from nvd – Published: 2019-09-20 13:41 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:42:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15086",
"datePublished": "2019-09-20T13:41:46.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15085 (GCVE-0-2019-15085)
Vulnerability from nvd – Published: 2019-09-20 13:41 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:41:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15085",
"datePublished": "2019-09-20T13:41:12.000Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14916 (GCVE-0-2019-14916)
Vulnerability from nvd – Published: 2019-09-20 13:40 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. A file\u0027s format is not properly checked, leading to an unrestricted file upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:40:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. A file\u0027s format is not properly checked, leading to an unrestricted file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14916",
"datePublished": "2019-09-20T13:40:18.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14915 (GCVE-0-2019-14915)
Vulnerability from nvd – Published: 2019-09-20 13:39 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:40:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14915",
"datePublished": "2019-09-20T13:39:54.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14914 (GCVE-0-2019-14914)
Vulnerability from nvd – Published: 2019-09-20 13:39 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:39:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14914",
"datePublished": "2019-09-20T13:39:25.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14913 (GCVE-0-2019-14913)
Vulnerability from nvd – Published: 2019-09-20 13:38 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:38:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14913",
"datePublished": "2019-09-20T13:38:48.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14912 (GCVE-0-2019-14912)
Vulnerability from nvd – Published: 2019-09-20 13:38 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:52.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:38:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14912",
"datePublished": "2019-09-20T13:38:15.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:52.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14911 (GCVE-0-2019-14911)
Vulnerability from nvd – Published: 2019-09-20 13:37 – Updated: 2024-08-05 00:34
VLAI
EPSS
VEX
Summary
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.adas-sso.com/es/extra/download.php | x_refsource_MISC |
| https://security-garage.com/index.php/cves/from-o… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:51.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T13:37:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adas-sso.com/es/extra/download.php",
"refsource": "MISC",
"url": "http://www.adas-sso.com/es/extra/download.php"
},
{
"name": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14911",
"datePublished": "2019-09-20T13:37:37.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:51.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}