How severe is CVE-2019-6716?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2019-6716?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2019-6716 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.

Related Vulnerabilities

CVE-2024-5128

CRITICAL

CVSS:9.4(Critical)

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update,...

CWE-6392024

CVE-2022-1996

CRITICAL

CVSS:9.3(Critical)

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

CWE-6392022

CVE-2024-5619

CRITICAL

CVSS:9.6(Critical)

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...

CWE-6392024

CVE-2019-17382

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repor...

CWE-6392019

CVE-2019-17574

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or p...

CWE-6392019

CVE-2019-19755

CRITICAL

CVSS:9.1(Critical)

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: a...

CWE-6392019