CVE-2019-5916

Published Feb 13, 2019

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-917

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A2B5862-3977-4222-9534-78026B9A5717"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.0.2:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E282CD22-54F4-43B2-84AF-E42F40967A48"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.1:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F0239E6-A880-443A-A055-5049CD196847"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.2:patch7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F259BD-5375-4AB5-9C4B-13E2EA57A74A"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.3:patch9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14C1B97D-B5FE-4408-BFAA-D62105BF5597"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.4:patch13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F79649C-F263-44E1-9330-515B93CDAD84"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.5:patch12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89261254-7B1E-498E-BC01-4AAD97B40BEF"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.6:patch8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98FA6176-758F-4604-8244-A5FC59E80D6C"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.7:patch6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5D871E-2713-476D-9C50-71A82DE09C8A"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.7:patch7:*:*:government:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EB2ED4D-9508-4EFD-ADD5-5F1EF7AEAC5F"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.8:patch6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D310002-0446-476B-9D92-A2F04E1750AC"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.8c:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FA4E839-EC4D-45BC-98B4-F95C0B4F46C4"
          },
          {
            "criteria": "cpe:2.3:a:d-circle:power_egg:2.9:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF03BE87-B359-4631-A53B-5C0C8D9A4FAB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References