CVE-2019-7312

EUVD-2019-16856

03.02.2019, 08:29

Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Affected Products (NVD)

Vendor	Product	Version
primx	zed	𝑥 < 1.0.195
primx	zed	𝑥 < 1.0.195
primx	zed	𝑥 < 1.0.199
primx	zed	𝑥 < 1.0.199
primx	zed	𝑥 < 1.0.199
primx	zed	𝑥 < 1.0.199
primx	zed	𝑥 < 2.0.199
primx	zed	𝑥 < 2.0.199
primx	zed	𝑥 < 6.1.2240
primx	zedmail	𝑥 < 6.1.2240
primx	zonecentral	𝑥 < 6.1.2240

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://www.primx.eu/en/bulletins/security-bulletin-19110545