CVE-2019-13021

{"id": "CVE-2019-13021", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-05-14T17:15:11.677", "references": [{"url": "https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties."}, {"lang": "es", "value": "Las contrase\u00f1as administrativas para todas las versiones de Bond JetSelect son almacenadas dentro de un archivo desprotegido en el sistema de archivos, en lugar de cifrarse dentro de la base de datos de MySQL. Esta copia de seguridad de las contrase\u00f1as es realizada como parte del script de instalaci\u00f3n, despu\u00e9s de que el administrador haya generado una contrase\u00f1a usando ENCtool.jar (consulte CVE-2019-13022). Esto permite que cualquier usuario con pocos privilegios que pueda leer este archivo obtenga trivialmente las contrase\u00f1as de las cuentas administrativas de la aplicaci\u00f3n JetSelect. La ruta al archivo que contiene el hash de contrase\u00f1a codificada es /opt/JetSelect/SFC/resources/sfc-general-properties."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jetstream:jetselect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89304F8-EEC0-44DA-9986-66CD144E334A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}