CVE-2019-4394 - Vulnerability Details

Vendors	Products
Ibm	Cloud Orchestrator

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/162232
https://www.ibm.com/support/pages/node/1097301

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cloud Orchestrator", "vendor": "IBM", "versions": [{"status": "affected", "version": "2.4"}, {"status": "affected", "version": "2.4.0.1"}, {"status": "affected", "version": "2.4.0.2"}, {"status": "affected", "version": "2.5"}, {"status": "affected", "version": "2.5.0.1"}, {"status": "affected", "version": "2.4.0.3"}, {"status": "affected", "version": "2.5.0.2"}, {"status": "affected", "version": "2.4.0.4"}, {"status": "affected", "version": "2.5.0.3"}, {"status": "affected", "version": "2.5.0.4"}, {"status": "affected", "version": "2.4.0.5"}, {"status": "affected", "version": "2.5.0.5"}, {"status": "affected", "version": "2.5.0.6"}, {"status": "affected", "version": "2.5.0.7"}, {"status": "affected", "version": "2.5.0.8"}, {"status": "affected", "version": "2.5.0.9"}]}], "datePublic": "2019-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/I:L/PR:H/A:N/UI:N/S:U/C:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-25T16:30:35", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/1097301"}, {"name": "ibm-co-cve20194394-sec-bypass (162232)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-23T00:00:00", "ID": "CVE-2019-4394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Orchestrator", "version": {"version_data": [{"version_value": "2.4"}, {"version_value": "2.4.0.1"}, {"version_value": "2.4.0.2"}, {"version_value": "2.5"}, {"version_value": "2.5.0.1"}, {"version_value": "2.4.0.3"}, {"version_value": "2.5.0.2"}, {"version_value": "2.4.0.4"}, {"version_value": "2.5.0.3"}, {"version_value": "2.5.0.4"}, {"version_value": "2.4.0.5"}, {"version_value": "2.5.0.5"}, {"version_value": "2.5.0.6"}, {"version_value": "2.5.0.7"}, {"version_value": "2.5.0.8"}, {"version_value": "2.5.0.9"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "L", "C": "N", "I": "L", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/1097301", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1097301 (Cloud Orchestrator)", "url": "https://www.ibm.com/support/pages/node/1097301"}, {"name": "ibm-co-cve20194394-sec-bypass (162232)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:33:37.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/1097301"}, {"name": "ibm-co-cve20194394-sec-bypass (162232)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4394", "datePublished": "2019-10-25T16:30:35.128736Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T00:26:43.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cloud Orchestrator (string)

vendor : IBM (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.4 (string)

}

1 : { »

status : affected (string)

version : 2.4.0.1 (string)

}

2 : { »

status : affected (string)

version : 2.4.0.2 (string)

}

3 : { »

status : affected (string)

version : 2.5 (string)

}

4 : { »

status : affected (string)

version : 2.5.0.1 (string)

}

5 : { »

status : affected (string)

version : 2.4.0.3 (string)

}

6 : { »

status : affected (string)

version : 2.5.0.2 (string)

}

7 : { »

status : affected (string)

version : 2.4.0.4 (string)

}

8 : { »

status : affected (string)

version : 2.5.0.3 (string)

}

9 : { »

status : affected (string)

version : 2.5.0.4 (string)

}

10 : { »

status : affected (string)

version : 2.4.0.5 (string)

}

11 : { »

status : affected (string)

version : 2.5.0.5 (string)

}

12 : { »

status : affected (string)

version : 2.5.0.6 (string)

}

13 : { »

status : affected (string)

version : 2.5.0.7 (string)

}

14 : { »

status : affected (string)

version : 2.5.0.8 (string)

}

15 : { »

status : affected (string)

version : 2.5.0.9 (string)

}

]

}

]

datePublic : 2019-10-23T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

exploitCodeMaturity : UNPROVEN (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

remediationLevel : OFFICIAL_FIX (string)

reportConfidence : CONFIRMED (string)

scope : UNCHANGED (string)

temporalScore : 2 (number)

temporalSeverity : LOW (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/I:L/PR:H/A:N/UI:N/S:U/C:N/RL:O/E:U/RC:C (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Bypass Security (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-10-25T16:30:35 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.ibm.com/support/pages/node/1097301 (string)

}

1 : { »

name : ibm-co-cve20194394-sec-bypass (162232) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/162232 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

DATE_PUBLIC : 2019-10-23T00:00:00 (string)

ID : CVE-2019-4394 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cloud Orchestrator (string)

version : { »

version_data : [ »

0 : { »

version_value : 2.4 (string)

}

1 : { »

version_value : 2.4.0.1 (string)

}

2 : { »

version_value : 2.4.0.2 (string)

}

3 : { »

version_value : 2.5 (string)

}

4 : { »

version_value : 2.5.0.1 (string)

}

5 : { »

version_value : 2.4.0.3 (string)

}

6 : { »

version_value : 2.5.0.2 (string)

}

7 : { »

version_value : 2.4.0.4 (string)

}

8 : { »

version_value : 2.5.0.3 (string)

}

9 : { »

version_value : 2.5.0.4 (string)

}

10 : { »

version_value : 2.4.0.5 (string)

}

11 : { »

version_value : 2.5.0.5 (string)

}

12 : { »

version_value : 2.5.0.6 (string)

}

13 : { »

version_value : 2.5.0.7 (string)

}

14 : { »

version_value : 2.5.0.8 (string)

}

15 : { »

version_value : 2.5.0.9 (string)

}

]

}

]

}

vendor_name : IBM (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. (string)

}

]

}

impact : { »

cvssv3 : { »

BM : { »

A : N (string)

AC : L (string)

AV : L (string)

C : N (string)

I : L (string)

PR : H (string)

S : U (string)

UI : N (string)

}

TM : { »

E : U (string)

RC : C (string)

RL : O (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Bypass Security (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.ibm.com/support/pages/node/1097301 (string)

refsource : CONFIRM (string)

title : IBM Security Bulletin 1097301 (Cloud Orchestrator) (string)

url : https://www.ibm.com/support/pages/node/1097301 (string)

}

1 : { »

name : ibm-co-cve20194394-sec-bypass (162232) (string)

refsource : XF (string)

title : X-Force Vulnerability Report (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/162232 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T19:33:37.927Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.ibm.com/support/pages/node/1097301 (string)

}

1 : { »

name : ibm-co-cve20194394-sec-bypass (162232) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/162232 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2019-4394 (string)

datePublished : 2019-10-25T16:30:35.128736Z (string)

dateReserved : 2019-01-03T00:00:00 (string)

dateUpdated : 2024-09-17T00:26:43.226Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:*", "matchCriteriaId": "C122C107-AD04-48A7-8C95-9907063E45F8", "versionEndIncluding": "2.4.0.5", "versionStartIncluding": "2.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A033CBB2-4F3C-43D9-A0C4-E0DDFB4EE702", "versionEndIncluding": "2.4.0.5", "versionStartIncluding": "2.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:*", "matchCriteriaId": "E61F3D16-BB6E-4FA4-A3C2-A05F3C613C8A", "versionEndIncluding": "2.5.0.9", "versionStartIncluding": "2.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6661F2D4-F106-4FA9-B40D-CDD562FCAE91", "versionEndIncluding": "2.5.0.9", "versionStartIncluding": "2.5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232."}, {"lang": "es", "value": "IBM Cloud Orchestrator versiones 2.4 hasta 2.4.0.5 y versiones 2.5 hasta 2.5.0.9, contienen unas API que podr\u00edan ser usadas por parte de un usuario local para enviar correos electr\u00f3nicos. ID de IBM X-Force: 162232."}], "id": "CVE-2019-4394", "lastModified": "2024-11-21T04:43:33.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-25T17:15:11.117", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/1097301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/1097301"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:* (string)

matchCriteriaId : C122C107-AD04-48A7-8C95-9907063E45F8 (string)

versionEndIncluding : 2.4.0.5 (string)

versionStartIncluding : 2.4.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : A033CBB2-4F3C-43D9-A0C4-E0DDFB4EE702 (string)

versionEndIncluding : 2.4.0.5 (string)

versionStartIncluding : 2.4.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:-:*:*:* (string)

matchCriteriaId : E61F3D16-BB6E-4FA4-A3C2-A05F3C613C8A (string)

versionEndIncluding : 2.5.0.9 (string)

versionStartIncluding : 2.5.0.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:cloud_orchestrator:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 6661F2D4-F106-4FA9-B40D-CDD562FCAE91 (string)

versionEndIncluding : 2.5.0.9 (string)

versionStartIncluding : 2.5.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. (string)

}

1 : { »

lang : es (string)

value : IBM Cloud Orchestrator versiones 2.4 hasta 2.4.0.5 y versiones 2.5 hasta 2.5.0.9, contienen unas API que podrían ser usadas por parte de un usuario local para enviar correos electrónicos. ID de IBM X-Force: 162232. (string)

}

]

id : CVE-2019-4394 (string)

lastModified : 2024-11-21T04:43:33.067 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 1.4 (number)

source : psirt@us.ibm.com (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-10-25T17:15:11.117 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/162232 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/1097301 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/162232 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/1097301 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object