How severe is CVE-2019-19127?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2019-19127?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2019-19127 - HIGH Severity | CVSS 8.1

Vulnerability Description

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.

Related Vulnerabilities

CVE-2017-1694

HIGH

CVSS:8.1(High)

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.

CWE-3192017

CVE-2017-6432

HIGH

CVSS:8.1(High)

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man...

CWE-3192017

CVE-2018-13140

HIGH

CVSS:8.1(High)

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

CWE-3192018

CVE-2018-1360

HIGH

CVSS:8.1(High)

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to r...

CWE-3192018

CVE-2018-15752

HIGH

CVSS:8.1(High)

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authen...

CWE-3192018

CVE-2018-7298

HIGH

CVSS:8.1(High)

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protect...

CWE-3192018