CVE-2019-14823 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.4 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
redhat	CNA	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
jss_cryptomanager_project	jss_cryptomanager	4.4.6 ≤ 𝑥 ≤ 4.4.7
jss_cryptomanager_project	jss_cryptomanager	4.5.3 ≤ 𝑥 ≤ 4.5.4
jss_cryptomanager_project	jss_cryptomanager	4.6.0 ≤ 𝑥 ≤ 4.6.2
redhat	enterprise_linux	6.0
redhat	enterprise_linux	6.1
redhat	enterprise_linux	6.2
redhat	enterprise_linux	6.3
redhat	enterprise_linux	6.4
redhat	enterprise_linux	6.5
redhat	enterprise_linux	6.6
redhat	enterprise_linux	6.7
redhat	enterprise_linux	6.8
redhat	enterprise_linux	6.9
redhat	enterprise_linux	6.10
redhat	enterprise_linux	7.0
redhat	enterprise_linux	7.1
redhat	enterprise_linux	7.2
redhat	enterprise_linux	7.3
redhat	enterprise_linux	7.4
redhat	enterprise_linux	7.5
redhat	enterprise_linux	7.6
redhat	enterprise_linux	7.7
redhat	enterprise_linux	8.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

jss

bookworm	5.3.0-1 fixed
bullseye	4.8.0-2 fixed
buster	not-affected
jessie	not-affected
sid	5.5.0-1 fixed
stretch	not-affected
trixie	5.5.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libjss-java

bionic	dne
disco	dne
trusty	dne
xenial	dne

Known Exploits!

Common Weakness Enumeration

CWE-358 - Improperly Implemented Security Check for Standard
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://access.redhat.com/errata/RHSA-2019:3067

https://access.redhat.com/errata/RHSA-2019:3225

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/

https://access.redhat.com/errata/RHSA-2019:3067

https://access.redhat.com/errata/RHSA-2019:3225

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/