Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-311
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions antérieures à V7.90 | ||
| Siemens | N/A | Spectrum Power 3, 4, 5 et 7 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | RAPIDPoint 500 | ||
| Siemens | N/A | SIMATIC IPC627E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions antérieures à VC12M sans le correctif AX037/19/P | ||
| Siemens | N/A | Sensis SIS Server Machine, Mat. Nr. 06648153: versions antérieures à VC11D, VC12M, VD11B sans le correctif AX037/19/P | ||
| Siemens | N/A | SIMATIC RF68XR versions antérieures à V3.2.1 | ||
| Siemens | N/A | SIMATIC IPC427E avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | SIMATIC IPC647E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | TIA Administrator versions antérieures à V1.0 SP1 Upd1 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd 3 | ||
| Siemens | N/A | SIMATIC IPC847E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC IPC677E avec un BIOS d'une version antérieure à V25.02.04 | ||
| Siemens | N/A | SIMATIC RF615R versions antérieures à V3.2.1 | ||
| Siemens | N/A | SIMATIC IPC477E Pro avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | Sensis High End SIS Server, Mat. Nr. 10140973: versions antérieures à VC11D, VC12M sans le correctif AX037/19/P | ||
| Siemens | N/A | SIMATIC IPC477E avec un BIOS d'une version antérieure à V21.01.11 | ||
| Siemens | N/A | DIGSI 5 versions antérieures à V7.90 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 avec WinCC versions antérieures à V7.4 SP1 Upd 11 | ||
| Siemens | N/A | VM SIS Virtual Server, Mat. Nr. 10765502: versions antérieures à VC12M sans le correctif AX037/19/P |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 3, 4, 5 et 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RAPIDPoint 500",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC627E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC647E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC677E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V25.02.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E Pro avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 V21.01.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2016-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6329"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2019-10930",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10930"
},
{
"name": "CVE-2019-10915",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10915"
},
{
"name": "CVE-2019-10931",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10931"
},
{
"name": "CVE-2019-10935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10935"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-10933",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10933"
},
{
"name": "CVE-2019-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
}
],
"initial_release_date": "2019-07-09T00:00:00",
"last_revision_date": "2019-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-311",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
CVE-2019-10933 (GCVE-0-2019-10933)
Vulnerability from cvelistv5
Published
2019-07-11 21:17
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens AG | Spectrum Power 3 (Corporate User Interface) |
Version: All versions <= v3.11 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Power 3 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= v3.11"
}
]
},
{
"product": "Spectrum Power 4 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "Version v4.75"
}
]
},
{
"product": "Spectrum Power 5 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c v5.50"
}
]
},
{
"product": "Spectrum Power 7 (Corporate User Interface)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= v2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions \u003c= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions \u003c v5.50), Spectrum Power 7 (Corporate User Interface) (All versions \u003c= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T18:55:57",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Power 3 (Corporate User Interface)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= v3.11"
}
]
}
},
{
"product_name": "Spectrum Power 4 (Corporate User Interface)",
"version": {
"version_data": [
{
"version_value": "Version v4.75"
}
]
}
},
{
"product_name": "Spectrum Power 5 (Corporate User Interface)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c v5.50"
}
]
}
},
{
"product_name": "Spectrum Power 7 (Corporate User Interface)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= v2.20"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions \u003c= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions \u003c v5.50), Spectrum Power 7 (Corporate User Interface) (All versions \u003c= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10933",
"datePublished": "2019-07-11T21:17:47",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0169 (GCVE-0-2013-0169)
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57778"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T12:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57778"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"name": "http://www.matrixssl.org/news.html",
"refsource": "CONFIRM",
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"name": "http://www.openssl.org/news/secadv_20130204.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
"refsource": "MISC",
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
"refsource": "MISC",
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57778"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "https://puppet.com/security/cve/cve-2013-0169",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"refsource": "CONFIRM",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"name": "http://www.splunk.com/view/SP-CAAAHXG",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0169",
"datePublished": "2013-02-08T19:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12130 (GCVE-0-2018-12130)
Vulnerability from cvelistv5
Published
2019-05-30 15:40
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Processing Units (CPUs)",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:15",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central Processing Units (CPUs)",
"version": {
"version_data": [
{
"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12130",
"datePublished": "2019-05-30T15:40:44",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:57.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10930 (GCVE-0-2019-10930)
Vulnerability from cvelistv5
Published
2019-07-11 21:17
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Summary
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules |
Version: All versions |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"product": "DIGSI 5 engineering software",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 7SS85 and 7KE85",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.01"
}
]
},
{
"product": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T16:13:01",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions "
}
]
}
},
{
"product_name": "DIGSI 5 engineering software",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 7SS85 and 7KE85",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.01"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10930",
"datePublished": "2019-07-11T21:17:47",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3389 (GCVE-0-2011-3389)
Vulnerability from cvelistv5
Published
2011-09-06 19:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74829",
"refsource": "OSVDB",
"url": "http://osvdb.org/74829"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3389",
"datePublished": "2011-09-06T19:00:00",
"dateReserved": "2011-09-05T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0708 (GCVE-0-2019-0708)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-0708",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:17:22.676231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:37.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-0708 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "7 for x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"status": "affected",
"version": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-03T17:06:16.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"name": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"name": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"name": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0708",
"datePublished": "2019-05-16T18:17:00.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:37.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12127 (GCVE-0-2018-12127)
Vulnerability from cvelistv5
Published
2019-05-30 15:38
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Processing Units (CPUs)",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:07",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central Processing Units (CPUs)",
"version": {
"version_data": [
{
"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12127",
"datePublished": "2019-05-30T15:38:38",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:57.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11091 (GCVE-0-2019-11091)
Vulnerability from cvelistv5
Published
2019-05-30 15:28
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Processing Units (CPUs)",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:10",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central Processing Units (CPUs)",
"version": {
"version_data": [
{
"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11091",
"datePublished": "2019-05-30T15:28:28",
"dateReserved": "2019-04-11T00:00:00",
"dateUpdated": "2024-08-04T22:40:16.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12126 (GCVE-0-2018-12126)
Vulnerability from cvelistv5
Published
2019-05-30 15:36
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Central ProcCVE-2018-12126essing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central ProcCVE-2018-12126essing Units (CPUs)",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:17",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central ProcCVE-2018-12126essing Units (CPUs)",
"version": {
"version_data": [
{
"version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
},
{
"name": "FEDORA-2019-1f5832fc0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
},
{
"name": "openSUSE-SU-2019:1505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
},
{
"name": "RHSA-2019:1455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"name": "USN-3977-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3977-3/"
},
{
"name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
},
{
"name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/28"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
},
{
"name": "openSUSE-SU-2019:1805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1806",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
},
{
"name": "FreeBSD-SA-19:07",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/15"
},
{
"name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12126",
"datePublished": "2019-05-30T15:36:05",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:57.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10915 (GCVE-0-2019-10915)
Vulnerability from cvelistv5
Published
2019-07-11 21:17
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | TIA Administrator |
Version: All versions < V1.0 SP1 Upd1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
},
{
"name": "109124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIA Administrator",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1 Upd1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in TIA Administrator (All versions \u003c V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-24T15:35:14",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
},
{
"name": "109124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIA Administrator",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1 Upd1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in TIA Administrator (All versions \u003c V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"
},
{
"name": "109124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109124"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10915",
"datePublished": "2019-07-11T21:17:46",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10931 (GCVE-0-2019-10931)
Vulnerability from cvelistv5
Published
2019-07-11 21:17
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-248 - Uncaught Exception
Summary
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules |
Version: All versions |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"product": "DIGSI 5 engineering software",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 7SS85 and 7KE85",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.01"
}
]
},
{
"product": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.59"
}
]
},
{
"product": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T16:15:57",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions "
}
]
}
},
{
"product_name": "DIGSI 5 engineering software",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 7SS85 and 7KE85",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.01"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.59"
}
]
}
},
{
"product_name": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.59"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10931",
"datePublished": "2019-07-11T21:17:47",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6329 (GCVE-0-2016-6329)
Vulnerability from cvelistv5
Published
2017-01-31 22:00
Modified
2024-08-06 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:18.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sweet32.info/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "1036695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "GLSA-201611-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "92631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T12:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sweet32.info/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name": "1036695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name": "GLSA-201611-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.openvpn.net/openvpn/wiki/SWEET32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name": "92631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92631"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6329",
"datePublished": "2017-01-31T22:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10935 (GCVE-0-2019-10935)
Vulnerability from cvelistv5
Published
2019-07-11 21:17
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens AG | SIMATIC PCS 7 V8.0 and earlier |
Version: All versions |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.0 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V8.1",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd 11"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
},
{
"product": "SIMATIC WinCC Professional (TIA Portal V13)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC Professional (TIA Portal V14)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Upd 9"
}
]
},
{
"product": "SIMATIC WinCC Professional (TIA Portal V15)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.1 Upd 8"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC V7.2 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.4 SP1 Upd 11"
}
]
},
{
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.5 Upd 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T13:49:24",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd 11"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V13)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V14)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1 Upd 9"
}
]
}
},
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V15)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14.1 Upd 8"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.4 SP1 Upd 11"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.5 Upd 3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10935",
"datePublished": "2019-07-11T21:17:47",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…