How severe is CVE-2019-12270?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-12270?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2019-12270 - HIGH Severity | CVSS 7.4

Vulnerability Description

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation.

Related Vulnerabilities

CVE-2018-1386

HIGH

CVSS:7.4(High)

IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain ...

CWE-7322018

CVE-2019-4078

HIGH

CVSS:7.4(High)

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation direc...

CWE-7322019

CVE-2020-4278

HIGH

CVSS:7.4(High)

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug s...

CWE-7322020

CVE-2020-4311

HIGH

CVSS:7.4(High)

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL fi...

CWE-7322020

CVE-2024-1486

HIGH

CVSS:7.4(High)

Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices

CWE-7322024

CVE-2007-5743

HIGH

CVSS:7.5(High)

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

CWE-7322007