CVE-2019-7312

Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-19110545	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:primx:zed:::::free:windows::
	cpe:2.3:a:primx:zed:::::pro:windows::
	cpe:2.3:a:primx:zed:::::free:linux::
	cpe:2.3:a:primx:zed:::::free:mac::
	cpe:2.3:a:primx:zed:::::pro:linux::
	cpe:2.3:a:primx:zed:::::pro:mac::
	cpe:2.3:a:primx:zed:::::entreprise:linux::
	cpe:2.3:a:primx:zed:::::entreprise:mac::
	cpe:2.3:a:primx:zed:::::entreprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

History

No history.

Information

Published : 2019-02-03 08:29

Updated : 2024-02-04 20:03

NVD link : CVE-2019-7312

Mitre link : CVE-2019-7312

CVE.ORG link : CVE-2019-7312

JSON object : View

Products Affected

primx

zedmail
zonecentral
zed

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2019-7312", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-02-03T08:29:00.293", "references": [{"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."}, {"lang": "es", "value": "Existe la divulgaci\u00f3n de texto plano limitada en PRIMX Zed Entreprise para Windows, en versiones anteriores a la 6.1.2240, en Zed Entreprise para Windows [env\u00edo de calificaci\u00f3n ANSSI] en versiones anteriores a la 6.1.2150, en Zed Entreprise para Mac en versiones 2.0.199, en Zed Entreprise para Linux en versiones 2.0.199, en Zed Pro para Windows en versiones anteriores a la 1.0.195, en Zed Pro para Mac en versiones anteriores a la 1.0.199, en Zed Pro para Linux en versiones anteriores a la 1.0.199, en Zed Free para Windows en versiones anteriores a la 1.0.195, en Zed Free para Mac en versiones anteriores a la 1.0.199 y en Zed Free para Linux en versiones anteriores a la 1.0.199. El an\u00e1lisis de un contenedor Zed puede conducir a la divulgaci\u00f3n del contenido de texto plano de archivos muy peque\u00f1os (unos pocos bytes) almacenados en dicho contenedor."}], "lastModified": "2019-02-26T16:19:38.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "4DC7B453-8DA5-4764-A4FD-77FB06E98737", "versionEndExcluding": "1.0.195"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:windows:*:*", "vulnerable": true, "matchCriteriaId": "A5C990BE-473E-4471-BECE-210902EF8F04", "versionEndExcluding": "1.0.195"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:linux:*:*", "vulnerable": true, "matchCriteriaId": "60B2C638-AD0A-4C93-ACA3-1BDAC971F2E1", "versionEndExcluding": "1.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:mac:*:*", "vulnerable": true, "matchCriteriaId": "93EA97A8-DD10-4F1C-9356-BDB503B6AE91", "versionEndExcluding": "1.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:linux:*:*", "vulnerable": true, "matchCriteriaId": "E4086B4A-B6C4-4EE2-8A69-DFDBC9DA6D03", "versionEndExcluding": "1.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:mac:*:*", "vulnerable": true, "matchCriteriaId": "D45A9E55-703D-4A17-8EAE-B96B91DF2D1A", "versionEndExcluding": "1.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:linux:*:*", "vulnerable": true, "matchCriteriaId": "DFD43D83-1DBF-4F41-90CA-585109597003", "versionEndExcluding": "2.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:mac:*:*", "vulnerable": true, "matchCriteriaId": "F8EAE130-AE29-48FB-A156-C1E1D8C176C6", "versionEndExcluding": "2.0.199"}, {"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:windows:*:*", "vulnerable": true, "matchCriteriaId": "64372E28-DDC9-4DFC-AF2F-B46CBF74E066", "versionEndExcluding": "6.1.2240"}, {"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9AC207CC-0888-47ED-A8EE-260D1C71BF33", "versionEndExcluding": "6.1.2240"}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CCA5A62E-8D4C-4BD5-9AB0-9CAB5DABFE28", "versionEndExcluding": "6.1.2240"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}