Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-11553

EPSS 0.21% · P44
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-11553

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Code42 Software Code42 for Enterprise 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Code42 Software Code42 for Enterprise是美国Code42 Software公司的一套企业级数据保护系统。该系统能够检测内部威胁,防止数据泄露、丢失。 Code42 Software Code42 for Enterprise 6.8.4及之前版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-11553

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-11553

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-07-19 · 36 CVEs total

CVE-2019-11989HPE IceWall SSO Agent Option和IceWall MFA 输入验证错误漏洞
CVE-2019-12193H3C H3Cloud OS SQL注入漏洞
CVE-2018-17792MDaemon Webmail 跨站请求伪造漏洞
CVE-2019-12453Microstrategy Web 跨站脚本漏洞
CVE-2019-12820Jisiwei i3 信任管理问题漏洞
CVE-2019-12821Jisiwei i3 安全特征问题漏洞
CVE-2019-13989dpic 缓冲区错误漏洞
CVE-2019-13991Arduino 注入漏洞
CVE-2019-1579Palo Alto Networks PAN-OS 输入验证错误漏洞
CVE-2015-7882Authentication bypass when using LDAP authentication in MongoDB Enterprise Server
CVE-2019-11990HPE UIoT 访问控制错误漏洞
CVE-2019-12725Zeroshell 操作系统命令注入漏洞
CVE-2019-13569WordPress Icegram Email Subscribers & Newsletters插件SQL注入漏洞
CVE-2019-9228多款AudioCodes产品资源管理错误漏洞
CVE-2019-12815ProFTPD 访问控制错误漏洞
CVE-2019-9229多款AudioCodes产品信任管理问题漏洞
CVE-2018-17210PrinterOn Central Print Services 授权问题漏洞
CVE-2019-12934WordPress wp-code-highlightjs插件跨站请求伪造漏洞
CVE-2019-11552Code42 Software CrashPlan for Small Business 代码注入漏洞
CVE-2019-13970antSword 跨站脚本漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-11553

No comments yet

Leave a comment