CVE-2019-14415

{"id": "CVE-2019-14415", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2019-07-29T20:15:12.233", "references": [{"url": "http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/Jul/39", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.veritas.com/content/support/en_US/security/VTS19-002.html#Issue4", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Veritas Resiliencia Platform (VRP) anterior a versi\u00f3n 3.4 HF1. Una vulnerabilidad de tipo cross-site scripting (XSS) persistente permite a un usuario de VRP malicioso inyectar script malicioso en el navegador de otro usuario, relacionada con la funcionalidad de los planes de resiliencia. Una v\u00edctima debe abrir un plan de resiliencia al que un atacante tenga acceso."}], "lastModified": "2023-03-03T19:15:03.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:resiliency_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "815D07F7-2DDE-4EFD-8C51-7E77EE6B7646", "versionEndExcluding": "3.3.2"}, {"criteria": "cpe:2.3:a:veritas:resiliency_platform:3.3.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C18635CA-3ED5-47AF-9416-E2CD4DADAFC0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}