In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsma-19-248-01 | Mitigation Third Party Advisory US Government Resource |
https://www.us-cert.gov/ics/advisories/icsma-19-248-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.us-cert.gov/ics/advisories/icsma-19-248-01 - Mitigation, Third Party Advisory, US Government Resource |
Information
Published : 2019-09-06 14:15
Updated : 2024-11-21 04:25
NVD link : CVE-2019-13517
Mitre link : CVE-2019-13517
CVE.ORG link : CVE-2019-13517
JSON object : View
Products Affected
bd
- pyxis_es
- pyxis_enterprise_server
CWE
CWE-384
Session Fixation