CVE-2019-19104
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | TG/S 3.2 Telephone Gateway | 2CDG 110 135 R0011 | affected |
| Busch-Jaeger | 6186/11 Telefon-Gateway | 2CKA006136A0187 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.