Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by saet
VAR-201905-0055
Vulnerability from variot - Updated: 2023-12-18 13:43The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call. SAET Impianti Speciali TEBE Small Device and WebApp Contains an information disclosure vulnerability.Information may be obtained. WebApp is one of the web-based management programs. Attackers can exploit this vulnerability to make various API calls without authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webapp",
"scope": "eq",
"trust": 1.8,
"vendor": "saet",
"version": "04.68"
},
{
"model": "tebe small",
"scope": "eq",
"trust": 1.0,
"vendor": "saet",
"version": "05.01"
},
{
"model": "tebe small",
"scope": "eq",
"trust": 0.8,
"vendor": "saet",
"version": "05.01 build 1137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9105"
}
]
},
"cve": "CVE-2019-9105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9105",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-160540",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9105",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9105",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-1229",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160540",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI\u0026customurl=alladminusers call. SAET Impianti Speciali TEBE Small Device and WebApp Contains an information disclosure vulnerability.Information may be obtained. WebApp is one of the web-based management programs. Attackers can exploit this vulnerability to make various API calls without authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "VULHUB",
"id": "VHN-160540"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9105",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1229",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-160540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"id": "VAR-201905-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160540"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:22.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TEBE CRESCE E SI FA PICCOLA",
"trust": 0.8,
"url": "https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
},
{
"trust": 1.7,
"url": "https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9105"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-160540"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"date": "2019-05-31T22:29:01.347000",
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"date": "2019-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-03T00:00:00",
"db": "VULHUB",
"id": "VHN-160540"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004976"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-9105"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAET Impianti Speciali TEBE Small Device and WebApp Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1229"
}
],
"trust": 0.6
}
}
VAR-201905-0056
Vulnerability from variot - Updated: 2023-12-18 12:00The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. SAET Impianti Speciali TEBE Small Device and WebApp Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAET Impianti Speciali TEBE Small is a set of physical access control system of Italy SAET company. WebApp is one of the web-based management programs. A security vulnerability exists in WebApp v04.68 in SAET Impianti Speciali TEBE Small 05.01 build 1137
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webapp",
"scope": "eq",
"trust": 1.8,
"vendor": "saet",
"version": "04.68"
},
{
"model": "tebe small",
"scope": "eq",
"trust": 1.0,
"vendor": "saet",
"version": "05.01"
},
{
"model": "tebe small",
"scope": "eq",
"trust": 0.8,
"vendor": "saet",
"version": "05.01 build 1137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9106"
}
]
},
"cve": "CVE-2019-9106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9106",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-160541",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9106",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9106",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-1231",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-160541",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9106",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. SAET Impianti Speciali TEBE Small Device and WebApp Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAET Impianti Speciali TEBE Small is a set of physical access control system of Italy SAET company. WebApp is one of the web-based management programs. A security vulnerability exists in WebApp v04.68 in SAET Impianti Speciali TEBE Small 05.01 build 1137",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "VULMON",
"id": "CVE-2019-9106"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9106",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1231",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-160541",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9106",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"id": "VAR-201905-0056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160541"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:00:14.934000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TEBE CRESCE E SI FA PICCOLA",
"trust": 0.8,
"url": "https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
},
{
"trust": 1.8,
"url": "https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9106"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9106"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160541"
},
{
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-160541"
},
{
"date": "2019-05-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"date": "2019-05-31T22:29:01.410000",
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"date": "2019-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-03T00:00:00",
"db": "VULHUB",
"id": "VHN-160541"
},
{
"date": "2019-06-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9106"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004977"
},
{
"date": "2019-06-03T14:32:03.423000",
"db": "NVD",
"id": "CVE-2019-9106"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAET Impianti Speciali TEBE Small Device and WebApp Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1231"
}
],
"trust": 0.6
}
}
CVE-2019-9106 (GCVE-0-2019-9106)
Vulnerability from cvelistv5 – Published: 2019-05-31 21:22 – Updated: 2024-08-04 21:38- n/a
| URL | Tags |
|---|---|
| https://www.saet.org/wp-content/uploads/2017/04/D… | x_refsource_MISC |
| https://members.backbox.org/saet-tebe-small-super… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:22:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf",
"refsource": "MISC",
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9106",
"datePublished": "2019-05-31T21:22:41.000Z",
"dateReserved": "2019-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9105 (GCVE-0-2019-9105)
Vulnerability from cvelistv5 – Published: 2019-05-31 21:21 – Updated: 2024-08-04 21:38- n/a
| URL | Tags |
|---|---|
| https://www.saet.org/wp-content/uploads/2017/04/D… | x_refsource_MISC |
| https://members.backbox.org/saet-tebe-small-super… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI\u0026customurl=alladminusers call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:21:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI\u0026customurl=alladminusers call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf",
"refsource": "MISC",
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9105",
"datePublished": "2019-05-31T21:21:15.000Z",
"dateReserved": "2019-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9106 (GCVE-0-2019-9106)
Vulnerability from nvd – Published: 2019-05-31 21:22 – Updated: 2024-08-04 21:38- n/a
| URL | Tags |
|---|---|
| https://www.saet.org/wp-content/uploads/2017/04/D… | x_refsource_MISC |
| https://members.backbox.org/saet-tebe-small-super… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:22:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf",
"refsource": "MISC",
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9106",
"datePublished": "2019-05-31T21:22:41.000Z",
"dateReserved": "2019-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9105 (GCVE-0-2019-9105)
Vulnerability from nvd – Published: 2019-05-31 21:21 – Updated: 2024-08-04 21:38- n/a
| URL | Tags |
|---|---|
| https://www.saet.org/wp-content/uploads/2017/04/D… | x_refsource_MISC |
| https://members.backbox.org/saet-tebe-small-super… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI\u0026customurl=alladminusers call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:21:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI\u0026customurl=alladminusers call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf",
"refsource": "MISC",
"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf"
},
{
"name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9105",
"datePublished": "2019-05-31T21:21:15.000Z",
"dateReserved": "2019-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}