How severe is CVE-2019-13941?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-13941?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2019-13941 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.

Related Vulnerabilities

CVE-2017-11746

HIGH

CVSS:7.5(High)

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tensh...

CWE-5522017

CVE-2017-12079

HIGH

CVSS:7.5(High)

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via pr...

CWE-5522017

CVE-2017-2551

HIGH

CVSS:7.5(High)

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

CWE-5522017

CVE-2018-10863

HIGH

CVSS:7.5(High)

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...

CWE-5522018

CVE-2018-10869

HIGH

CVSS:7.5(High)

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CWE-5522018

CVE-2018-16946

HIGH

CVSS:7.5(High)

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via downl...

CWE-5522018