CVE-2019-15088

Published: Sep 20, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

Affected (1)

Products: Prise: Adas

Prise

1 product

Adas

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prise Adas	Version 1.7.0

References (4)

http://www.adas-sso.com/es/extra/download.php

Source: cve@mitre.org

Product

https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas

Source: cve@mitre.org

PatchThird Party Advisory

http://www.adas-sso.com/es/extra/download.php

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.