How severe is CVE-2019-6581?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-6581?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-6581 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Related Vulnerabilities

CVE-2016-1710

HIGH

CVSS:8.8(High)

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which ...

CWE-2852016

CVE-2016-1711

HIGH

CVSS:8.8(High)

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows r...

CWE-2852016

CVE-2016-3352

HIGH

CVSS:8.8(High)

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via...

CWE-2852016

CVE-2016-7071

HIGH

CVSS:8.8(High)

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbi...

CWE-2852016

CVE-2016-9217

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mor...

CWE-2852016

CVE-2017-0926

HIGH

CVSS:8.8(High)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

CWE-2852017