cvelistv5 - cve-2019-3947

cve-2019-3947

Vulnerability from cvelistv5

Published

2019-06-12 14:06

Modified

2024-08-04 19:26

Severity ?

Summary

References

URL	Tags
vulnreport@tenable.com	http://www.securityfocus.com/bid/108740
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2019-27	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108740
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2019-27	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	Fuji Electric V-Server	Version: Versions prior to 6.0.33.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "name": "108740",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108740"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fuji Electric V-Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 6.0.33.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Plaintext storage of credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-13T11:06:07",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2019-27"
        },
        {
          "name": "108740",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108740"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fuji Electric V-Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 6.0.33.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Plaintext storage of credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-27",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2019-27"
            },
            {
              "name": "108740",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2019-3947",
    "datePublished": "2019-06-12T14:06:57",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:26:27.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3947\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2019-06-12T15:29:00.910\",\"lastModified\":\"2024-11-21T04:42:55.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.\"},{\"lang\":\"es\",\"value\":\"Fuji Electric V-Server anterior 6.0.33.0 almacena credenciales en archivos de proyecto como plaintext un atacante que puede obtener accesos para los archivos de proyecto puede recuperar las credenciales de bases de datos y conseguir acceso a la base de datos del servidor\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujielectric:v-server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.33.0\",\"matchCriteriaId\":\"F47D918A-C673-47E3-8C59-64F116247C25\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108740\",\"source\":\"vulnreport@tenable.com\"},{\"url\":\"https://www.tenable.com/security/research/tra-2019-27\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/research/tra-2019-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

gsd-2019-3947

Vulnerability from gsd

Modified

2023-12-13 01:24

Details

Aliases

CVE-2019-3947

Aliases

CVE-2019-3947

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3947",
    "description": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.",
    "id": "GSD-2019-3947"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3947"
      ],
      "details": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.",
      "id": "GSD-2019-3947",
      "modified": "2023-12-13T01:24:02.847908Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "ID": "CVE-2019-3947",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fuji Electric V-Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions prior to 6.0.33.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Plaintext storage of credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.tenable.com/security/research/tra-2019-27",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2019-27"
          },
          {
            "name": "108740",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108740"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.33.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3947"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-27",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2019-27"
            },
            {
              "name": "108740",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/108740"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-06-12T15:29Z"
    }
  }
}

ghsa-grf6-v344-mj9v

Vulnerability from github

Published

2022-05-24 22:00

Modified

2022-05-24 22:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3947"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-12T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.",
  "id": "GHSA-grf6-v344-mj9v",
  "modified": "2022-05-24T22:00:07Z",
  "published": "2022-05-24T22:00:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3947"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2019-27"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108740"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0328",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "v-server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fujielectric",
        "version": "6.0.33.0"
      },
      {
        "model": "v-server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fuji electric",
        "version": "6.0.33.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.9.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.8.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.7.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.6.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.5.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.4.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.32.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.31.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.30.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.3.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.29.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.28.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.27.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.26.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.25.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.24.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.23.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.22.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.21.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.20.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.2.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.19.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.18.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.17.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.16.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.15.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.14.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.13.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.12.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.11.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.10.0"
      },
      {
        "model": "electric monitouch v-sft",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fuji",
        "version": "6.0.33.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fujielectric:v-server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tenable",
    "sources": [
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-3947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-3947",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-3947",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-3947",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-3947",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-558",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3947",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities:\n1. A remote denial-of-service vulnerability\n2. An information disclosure vulnerability\nAn attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . \nVersions prior to V-SFT 6.0.33.0 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3947"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "TENABLE",
        "id": "TRA-2019-27",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108740",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "id": "VAR-201906-0328",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.65
  },
  "last_update_date": "2024-11-23T22:33:54.379000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "V-Server",
        "trust": 0.8,
        "url": "https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html"
      },
      {
        "title": "Fuji Electric V-Server Repair measures for trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.tenable.com/security/research/tra-2019-27"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/108740"
      },
      {
        "trust": 0.9,
        "url": "http://www.fujielectric.com/"
      },
      {
        "trust": 0.9,
        "url": "https://monitouch.fujielectric.com/site/support-e/more-index-t.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3947"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "db": "BID",
        "id": "108740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "BID",
        "id": "108740"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "date": "2019-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "date": "2019-06-12T15:29:00.910000",
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3947"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "BID",
        "id": "108740"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      },
      {
        "date": "2024-11-21T04:42:55.407000",
        "db": "NVD",
        "id": "CVE-2019-3947"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fuji Electric V-Server Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005462"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-558"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-3947

Vulnerability from fkie_nvd

Published

2019-06-12 15:29

Modified

2024-11-21 04:42

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vulnreport@tenable.com	http://www.securityfocus.com/bid/108740
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2019-27	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108740
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2019-27	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	fujielectric	v-server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fujielectric:v-server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47D918A-C673-47E3-8C59-64F116247C25",
              "versionEndExcluding": "6.0.33.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
    },
    {
      "lang": "es",
      "value": "Fuji Electric V-Server anterior 6.0.33.0 almacena credenciales en archivos de proyecto como plaintext un atacante que puede obtener accesos para los archivos de proyecto puede recuperar las credenciales de bases de datos y conseguir acceso a la base de datos del servidor"
    }
  ],
  "id": "CVE-2019-3947",
  "lastModified": "2024-11-21T04:42:55.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-12T15:29:00.910",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "url": "http://www.securityfocus.com/bid/108740"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2019-27"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2019-3947

Vulnerability from cvelistv5

gsd-2019-3947

Vulnerability from gsd

ghsa-grf6-v344-mj9v

Vulnerability from github

var-201906-0328

Vulnerability from variot

fkie_cve-2019-3947

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature