Vulnerability Details : CVE-2019-12000
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide.
Products affected by CVE-2019-12000
- cpe:2.3:a:hp:mse_msg_gw_application_e-ltu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12000
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12000
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4
|
MEDIUM | AV:N/AC:M/Au:M/C:P/I:P/A:P |
5.5
|
6.4
|
NIST | |
6.6
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.7
|
5.9
|
NIST |
CWE ids for CVE-2019-12000
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12000
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03979en_us
HPESBMU03979 rev.1 - HPE MSE Msg Gw application, multiple remote vulnerabilityVendor Advisory
Jump to