CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://know.bishopfox.com/advisories	Third Party Advisory
https://know.bishopfox.com/advisories/solismed-critical	Exploit Third Party Advisory
https://www.solismed.com/	Product
https://know.bishopfox.com/advisories	Third Party Advisory
https://know.bishopfox.com/advisories/solismed-critical	Exploit Third Party Advisory
https://www.solismed.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:intesync:solismed:3.3:sp1:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-12 14:15

Updated : 2024-11-21 04:32

NVD link : CVE-2019-17428

Mitre link : CVE-2019-17428

CVE.ORG link : CVE-2019-17428

JSON object : View

Products Affected

intesync

solismed

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2019-17428", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-12-12T14:15:16.210", "references": [{"url": "https://know.bishopfox.com/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://know.bishopfox.com/advisories/solismed-critical", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.solismed.com/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://know.bishopfox.com/advisories", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://know.bishopfox.com/advisories/solismed-critical", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.solismed.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Intesync Solismed versi\u00f3n 3.3sp1. Se presenta un fallo en la implementaci\u00f3n del cifrado, permitiendo que todos los datos cifrados almacenados dentro de la base de datos sean descifrados."}], "lastModified": "2024-11-21T04:32:18.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intesync:solismed:3.3:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05592345-858D-4046-A6CD-80BEB9524DD8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}