SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2019-10716

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.7		CVSS Score : 4.0
Exploit Score: 3.1		Exploit Score: 8.0
Impact Score: 4.0		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: LOW		Authentication: SINGLE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: CHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: NONE
Availability: NONE

Reference:

http://packetstormsecurity.com/files/156214/Verodin-Director-Web-Console-3.5.4.0-Password-Disclosure.html

http://www.nolanbkennedy.com/post/cve-2019-10716-information-disclosure-verodin-director

https://www.verodin.com/

https://www.verodin.com/technology/platform


30479



423868



248392



909



195452



282