CVE-2019-6716

Published Mar 21, 2019

Last updated 4 years ago

CVSS critical 9.4

Overview

Description: An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.4
Impact score: 5.5
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-639

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FA77F0C-103B-4064-8830-2649C74BAA4B"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "437EFE41-81AA-432C-8CB4-DEA455EDC058"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88F7E2D6-234B-4B33-8B6D-59FE482CDCCC"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1567870E-B49B-4CD2-B879-13599BD13C42"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F658A8-31D3-4C4D-A61E-9B9CBEE9C0BF"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EC65199-D280-475C-AF94-AFF46F254D16"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E597915-445B-4126-A091-6F984CB55677"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.2:rg9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A40B1EFB-6AAA-44BB-9B5F-9DE3BE646B15"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66185F29-4889-4305-A9BB-85E255976BA3"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DD00E58-10CC-4974-8515-9D3E9A982DB1"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A04CFD0-3F2D-4F09-8759-11664C27DB32"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE39763D-7766-49A6-897F-9308488EC5D9"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D77A37D8-1AF5-4C86-A36D-3BD5D1A97EE8"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9F9A2F4-05D8-4011-BAA6-1F3CB96CE1E3"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B35606D-5FEB-44B4-B5D3-92ADCAC3737B"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFFE7132-2219-49AA-B65F-C6910C6ECB61"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.3:rg8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89D5E42C-33ED-4A58-B3F0-7393C0D13FED"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.4:rg:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B512491-7A47-48AA-BE20-ACCF0D9D0BC9"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.4:rg1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01888E3E-31C1-40B6-8F2F-E8EFE0AB2D27"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.4:rg2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7883AC8-16FB-4A88-BD02-B1677A7EB5E0"
          },
          {
            "criteria": "cpe:2.3:a:logonbox:nervepoint_access_manager:1.4:rg3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD4D33E6-1F37-477A-95BB-4984CC93BCF8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References