CVE-2019-11242

{"id": "CVE-2019-11242", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-07-12T20:15:10.987", "references": [{"url": "https://github.com/cohesity/SecAdvisory/blob/master/README.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/cohesity/SecAdvisory/blob/master/README.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo man-in-the-middle relacionada con el acceso de vCenter se encontr\u00f3 en Cohesity DataPlatform versiones 5.x y 6.x anterior a 6.1.1c. Los clusters de Cohesity no comprobaron los certificados TLS presentados por vCenter. Esta vulnerabilidad podr\u00eda exponer las credenciales de usuario de Cohesity configuradas para acceder a vCenter."}], "lastModified": "2024-11-21T04:20:47.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cohesity:dataplatform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C605C818-2175-438F-A015-A3D2C584131A", "versionEndExcluding": "6.1.1c", "versionStartIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}