How severe is CVE-2019-14222?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-14222?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2019-14222

CRITICAL Year: 2019

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-1188

View all →

Vulnerability Description

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.

CVE-2014-0234

CRITICAL

CVSS:9.8(Critical)

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing th...

CWE-11882014

CVE-2017-12739

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected d...

CWE-11882017

CVE-2017-5178

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is instal...

CWE-11882017

CVE-2017-8021

CRITICAL

CVSS:9.8(Critical)

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

CWE-11882017

CVE-2017-8218

CRITICAL

CVSS:9.8(Critical)

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, ...

CWE-11882017

CVE-2018-10968

CRITICAL

CVSS:9.8(Critical)

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.

CWE-11882018

CVE-2019-14222

Vulnerability Description

Related Vulnerabilities

CVE-2014-0234

CVE-2017-12739

CVE-2017-5178

CVE-2017-8021

CVE-2017-8218

CVE-2018-10968