Vulnerability Details CVE-2019-15719
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 5.2
References
- http://packetstormsecurity.com/files/154782/PBS-Professional-19.2.3-Authentication-Bypass.html
- https://www.hpcsec.com
- https://www.hpcsec.com/2019/10/08/cve-2019-15719/
- https://www.pbspro.org/
- http://packetstormsecurity.com/files/154782/PBS-Professional-19.2.3-Authentication-Bypass.html
- https://www.hpcsec.com
- https://www.hpcsec.com/2019/10/08/cve-2019-15719/
- https://www.pbspro.org/
Products affected by CVE-2019-15719
-
cpe:2.3:a:altair:pbs_professional:13.0.0
-
cpe:2.3:a:altair:pbs_professional:14.1.0
-
cpe:2.3:a:altair:pbs_professional:14.1.2
-
cpe:2.3:a:altair:pbs_professional:18.1.0
-
cpe:2.3:a:altair:pbs_professional:18.1.1
-
cpe:2.3:a:altair:pbs_professional:18.1.2
-
cpe:2.3:a:altair:pbs_professional:18.1.3
-
cpe:2.3:a:altair:pbs_professional:18.1.4
-
cpe:2.3:a:altair:pbs_professional:18.2.1
-
cpe:2.3:a:altair:pbs_professional:18.2.3
-
cpe:2.3:a:altair:pbs_professional:19.1.1
-
cpe:2.3:a:altair:pbs_professional:19.1.2
-
cpe:2.3:a:altair:pbs_professional:19.2.0
-
cpe:2.3:a:altair:pbs_professional:19.2.2
-
cpe:2.3:a:altair:pbs_professional:19.2.3