CVE-2019-0130

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS v3 7.4 HIGH
CVSS v2.0 4.3 MEDIUM

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/108775	Broken Link Third Party Advisory VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-27843	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-13 16:29

Updated : 2023-03-02 16:15

NVD link : CVE-2019-0130

Mitre link : CVE-2019-0130

CVE.ORG link : CVE-2019-0130

JSON object : View

Products Affected

intel

rapid_storage_technology_enterprise

lenovo

thinkstation_p520c
thinkstation_p720_firmware
thinkstation_p920
thinkstation_p520c_firmware
thinkstation_p520
thinkstation_p920_firmware
thinkstation_p720
thinkstation_p520_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2019-0130", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2019-06-13T16:29:00.403", "references": [{"url": "http://www.securityfocus.com/bid/108775", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@intel.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-27843", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access."}, {"lang": "es", "value": "Un XSS reflejado en la interfaz web para Accelerated Storage Manager de Intel\u00ae en RSTe de Intel\u00ae anterior a versi\u00f3n 5.5.0.2015, puede permitir que un usuario no autenticado pueda habilitar potencialmente la denegaci\u00f3n de servicio por medio de un acceso a la red."}], "lastModified": "2023-03-02T16:15:19.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:rapid_storage_technology_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "901DA51D-7BEA-4DD6-9ADF-B776D2218C47", "versionEndExcluding": "5.5.0.2015"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BA83987-B0E4-4BF8-8379-43B90420AAFD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6840BC60-44C3-4EA8-96D3-E93796C15310"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p520c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6E5525D-2EA6-4226-A6A3-5C1E442720E1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0431D83D-1AC8-4EDE-8568-8695F8E68C35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p720_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0530CA83-60EA-422B-B0D1-6193336E0AD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p720:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77DF681-F12F-4643-B5E1-1BEDE613E343"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkstation_p920_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0B747D-09A0-4FBE-9984-6FDFD38CAADE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D47FCAA7-B33F-4F00-85BA-AA8ED4790572"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}