CVE-2019-10244

{"id": "CVE-2019-10244", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-04-09T16:29:01.587", "references": [{"url": "http://www.securityfocus.com/bid/107844", "tags": ["Third Party Advisory", "VDB Entry"], "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation."}, {"lang": "es", "value": "En Eclipse Kura en las versiones anteriores a la 4.0.0, el paquete de interfaz de usuario web y los servicios de componentes, el componente Mqtt simple de Artemis y el servicio de posici\u00f3n de emulador (que no forma parte de la distribuci\u00f3n del dispositivo) podr\u00edan ser objeto de un ataque XXE debido a una inicializaci\u00f3n inadecuada de f\u00e1brica del analizador."}], "lastModified": "2019-10-09T23:44:33.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8694467-C2A3-42A1-8BB7-6D038E2DDA89", "versionEndIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}