Skip to main content

Oncommand Workflow Automation CVE-2019-5503

MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2019-09-10 security-alert@netapp.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 10, 2019 - 16:15 nvd
MEDIUM 5.3

DescriptionNVD

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

AnalysisAI

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Affected products include: Netapp Oncommand Workflow Automation. Version information: prior to 5.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2015-3292 CRITICAL POC
10.0 May 31

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wir

CVE-2023-38545 CRITICAL POC
9.8 Oct 18

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), thi

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

CVE-2019-17571 CRITICAL
9.8 Dec 20

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be explo

CVE-2018-11776 HIGH POC
8.1 Aug 22

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN

CVE-2022-23457 CRITICAL POC
9.8 Apr 25

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Rated critic

CVE-2021-22931 CRITICAL POC
9.8 Aug 16

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to miss

CVE-2019-3822 CRITICAL POC
9.8 Feb 06

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (

CVE-2024-28752 CRITICAL POC
9.3 Mar 15

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attac

CVE-2018-10933 CRITICAL POC
9.1 Oct 17

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity

Share

CVE-2019-5503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy