Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-18956

EPSS 15.68% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-18956

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Divisa Proxia Suite、SparkSpace和Proxia PHR 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Divisa Proxia Suite是提供结合了简单性、强大功能、稳健性、可扩展性和安全性的整体解决方案。 Divisa Proxia Suite、SparkSpace和Proxia PHR中存在代码问题漏洞,该漏洞源于dv2eemvc库以不安全的方式反序列化了cookie。攻击者可借助序列化的payload利用该漏洞执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-18956

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-18956

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-12-17 · 33 CVEs total

CVE-2019-19315Nalpeiron Licensing Service 安全漏洞
CVE-2019-19830SPIP 输入验证错误漏洞
CVE-2019-19814Linux kernel 缓冲区错误漏洞
CVE-2019-19813Linux kernel 资源管理错误漏洞
CVE-2019-19816Linux kernel 缓冲区错误漏洞
CVE-2019-19815Linux kernel 代码问题漏洞
CVE-2019-18824Barco ClickShare Button R9861500D01 输入验证错误漏洞
CVE-2019-18825Barco ClickShare Huddle CS-100和CSE-200 安全漏洞
CVE-2019-18829Barco ClickShare Button R9861500D01 代码问题漏洞
CVE-2019-18832Barco ClickShare Button R9861500D01 安全漏洞
CVE-2019-18833Barco ClickShare Button R9861500D01 安全漏洞
CVE-2019-19264Simplifile RecordFusion 信息泄露漏洞
CVE-2019-19712Contao 信息泄露漏洞
CVE-2019-19714Contao 安全漏洞
CVE-2019-19745Contao 代码问题漏洞
CVE-2019-19675Ivanti Workspace Control 安全漏洞
CVE-2019-18257Advantech DiagAnywhere Server 缓冲区错误漏洞
CVE-2019-19847Libspiro 缓冲区错误漏洞
CVE-2019-18670Acer Quick Access 安全漏洞
CVE-2019-15235CentOS Web Panel 日志信息泄露漏洞

Showing top 20 of 33 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-18956

No comments yet

Leave a comment