CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11029

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution
https://www.kyberturvallisuuskeskus.fi/en/vulnerabilities-mirasys-vms-video-management-solution

Products affected by CVE-2019-11029

Mirasys » Mirasys Vms » Version: 7.6.0

cpe:2.3:a:mirasys:mirasys_vms:7.6.0
Mirasys » Mirasys Vms » Version: 8.0.0

cpe:2.3:a:mirasys:mirasys_vms:8.0.0
Mirasys » Mirasys Vms » Version: 8.3.1

cpe:2.3:a:mirasys:mirasys_vms:8.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11029

Products

Pricing

Contact Us