CVE-2019-19613 (GCVE-0-2019-19613)
Vulnerability from cvelistv5 – Published: 2020-03-16 20:21 – Updated: 2024-08-05 02:25
VLAI
EPSS
VEX
Summary
An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0
Severity
5.2 (Medium)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://excellium-services.com/cert-xlm-advisory/ | x_refsource_MISC |
| https://halvotec.de/produkte/raquest/ | x_refsource_MISC |
| https://excellium-services.com/cert-xlm-advisory/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:11.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://halvotec.de/produkte/raquest/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim\u0027s request on the wire. Fixed in Release 24.2020.20608.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T20:30:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://halvotec.de/produkte/raquest/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim\u0027s request on the wire. Fixed in Release 24.2020.20608.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://excellium-services.com/cert-xlm-advisory/",
"refsource": "MISC",
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"name": "https://halvotec.de/produkte/raquest/",
"refsource": "MISC",
"url": "https://halvotec.de/produkte/raquest/"
},
{
"name": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/",
"refsource": "MISC",
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19613",
"datePublished": "2020-03-16T20:21:39.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:25:11.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-19613",
"date": "2026-07-16",
"epss": "0.00507",
"percentile": "0.39891"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:halvotec:raquest:10.23.10801.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96831FD3-6154-49F9-AD61-92F1061C16A7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim\u0027s request on the wire. Fixed in Release 24.2020.20608.0\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Halvotec RaQuest versi\\u00f3n 10.23.10801.0. La p\\u00e1gina de inicio de sesi\\u00f3n de la aplicaci\\u00f3n de administraci\\u00f3n es vulnerable a un ataque de Redireccionamiento Abierto que permite a un atacante redirigir a un usuario a un sitio malicioso despu\\u00e9s de la autenticaci\\u00f3n. El atacante necesita estar en la misma red para modificar la solicitud de la v\\u00edctima en el cable. Corregido en la versi\\u00f3n 24.2020.20608.0\"}]",
"id": "CVE-2019-19613",
"lastModified": "2024-11-21T04:35:03.667",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 5.5, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-03-16T21:15:12.267",
"references": "[{\"url\": \"https://excellium-services.com/cert-xlm-advisory/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://halvotec.de/produkte/raquest/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"https://excellium-services.com/cert-xlm-advisory/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://halvotec.de/produkte/raquest/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19613\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-16T21:15:12.267\",\"lastModified\":\"2024-11-21T04:35:03.667\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim\u0027s request on the wire. Fixed in Release 24.2020.20608.0\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Halvotec RaQuest versi\u00f3n 10.23.10801.0. La p\u00e1gina de inicio de sesi\u00f3n de la aplicaci\u00f3n de administraci\u00f3n es vulnerable a un ataque de Redireccionamiento Abierto que permite a un atacante redirigir a un usuario a un sitio malicioso despu\u00e9s de la autenticaci\u00f3n. El atacante necesita estar en la misma red para modificar la solicitud de la v\u00edctima en el cable. Corregido en la versi\u00f3n 24.2020.20608.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:halvotec:raquest:10.23.10801.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96831FD3-6154-49F9-AD61-92F1061C16A7\"}]}]}],\"references\":[{\"url\":\"https://excellium-services.com/cert-xlm-advisory/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://halvotec.de/produkte/raquest/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"https://excellium-services.com/cert-xlm-advisory/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://halvotec.de/produkte/raquest/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…