CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-7666

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.211

EPSS Ranking 95.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html
https://applied-risk.com/labs/advisories
https://www.applied-risk.com/resources/ar-2019-007
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html
https://applied-risk.com/labs/advisories
https://www.applied-risk.com/resources/ar-2019-007
https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Products affected by CVE-2019-7666

Primasystems » Flexair » Version: 2.3.38

cpe:2.3:a:primasystems:flexair:2.3.38

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7666

Products

Pricing

Contact Us