CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11466

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://www.couchbase.com/resources/security#SecurityAlerts
https://www.couchbase.com/resources/security#SecurityAlerts

Products affected by CVE-2019-11466

Couchbase » Couchbase Server » Version: 5.5.0

cpe:2.3:a:couchbase:couchbase_server:5.5.0
Couchbase » Couchbase Server » Version: 6.0.0

cpe:2.3:a:couchbase:couchbase_server:6.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11466

Products

Pricing

Contact Us