How severe is CVE-2019-12794?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2019-12794?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2019-12794

MEDIUM Year: 2019

CVSS v3 Score

6.6

Medium

CVSS v2 Score

6.0

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.

CVE-2017-5623

MEDIUM

CVSS:6.6(Medium)

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in...

CWE-2692017

CVE-2017-8032

MEDIUM

CVSS:6.6(Medium)

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and othe...

CWE-2692017

CVE-2021-1371

MEDIUM

CVSS:6.6(Medium)

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the...

CWE-2692021

CVE-2023-30024

MEDIUM

CVSS:6.6(Medium)

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the origi...

CWE-2692023

CVE-2023-32196

HIGH

CVSS:6.6(Medium)

A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalati...

CWE-2692023

CVE-2023-32197

HIGH

CVSS:6.6(Medium)

A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2...

CWE-2692023

CVE-2019-12794

Vulnerability Description

Related Vulnerabilities

CVE-2017-5623

CVE-2017-8032

CVE-2021-1371

CVE-2023-30024

CVE-2023-32196

CVE-2023-32197