Vulnerability Details : CVE-2019-5919
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2019-5919
Probability of exploitation activity in the next 30 days: 0.61%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-5919
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
9.1
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
NIST |
CWE ids for CVE-2019-5919
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5919
-
https://nablarch.atlassian.net/browse/NAB-313
[NAB-313] HIDDENストア機能における暗号化不備対応 - JIRAThird Party Advisory
-
http://jvn.jp/en/jp/JVN56542712/index.html
JVN#56542712: Multiple vulnerabilities in NablarchThird Party Advisory
Products affected by CVE-2019-5919
- cpe:2.3:a:nablarch_project:nablarch:5u1:*:*:*:*:*:*:*
- cpe:2.3:a:nablarch_project:nablarch:5u13:*:*:*:*:*:*:*
- cpe:2.3:a:nablarch_project:nablarch:5:*:*:*:*:*:*:*