CVE-2019-1019

HIGH Year: 2019
CVSS v3 Score
8.5
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Related Vulnerabilities

CVE-2015-7429

HIGH
CVSS:8.5(High)

The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and ...

CWE-2002015

CVE-2015-7928

HIGH
CVSS:8.5(High)

eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended worksta...

CWE-2002015

CVE-2016-1499

HIGH
CVSS:8.5(High)

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of servi...

CWE-2002016

CVE-2015-6862

HIGH
CVSS:8.4(High)

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

CWE-2002015

CVE-2015-7932

HIGH
CVSS:8.6(High)

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.

CWE-2002015

CVE-2015-7934

HIGH
CVSS:8.6(High)

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.

CWE-2002015