CVE-2019-19859 : An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.

Published 2020-01-15 23:15:12

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19859

Serpico Project » Serpico » Version: 1.3.0
cpe:2.3:a:serpico_project:serpico:1.3.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-19859

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-19859

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2019-19859

https://www.websec.nl/news.php

WebSec - Cyber and Information Security
Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-19859

Products affected by CVE-2019-19859

Exploit prediction scoring system (EPSS) score for CVE-2019-19859

CVSS scores for CVE-2019-19859

References for CVE-2019-19859