Sign-up

ID

VAR-201902-0791


CVE

CVE-2019-0103


TITLE

Intel(R) Data Center Manager SDK Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001860

DESCRIPTION

Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. This product mainly provides real-time power supply and heat dissipation data of equipment

Trust: 1.98

sources: NVD: CVE-2019-0103 // JVNDB: JVNDB-2019-001860 // BID: 107074 // VULHUB: VHN-140134

AFFECTED PRODUCTS

vendor:intelmodel:data center managerscope:ltversion:5.0.2

Trust: 1.0

vendor:intelmodel:data center manager sdkscope:ltversion:5.0.2

Trust: 0.8

vendor:intelmodel:data center manager sdkscope:eqversion:0

Trust: 0.3

vendor:intelmodel:data center manager sdkscope:neversion:5.0.2

Trust: 0.3

sources: BID: 107074 // JVNDB: JVNDB-2019-001860 // NVD: CVE-2019-0103

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0103
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0103
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-693
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140134
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0103
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140134
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0103
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140134 // JVNDB: JVNDB-2019-001860 // CNNVD: CNNVD-201902-693 // NVD: CVE-2019-0103

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-140134 // JVNDB: JVNDB-2019-001860 // NVD: CVE-2019-0103

THREAT TYPE

local

Trust: 0.9

sources: BID: 107074 // CNNVD: CNNVD-201902-693

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-693

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001860

PATCH
title:INTEL-SA-00215url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html
Trust: 0.8
title:Intel Data Center Manager SDK Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89515
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001860 // 
            
            
            
            CNNVD: CNNVD-201902-693

EXTERNAL IDS
db:NVDid:CVE-2019-0103
Trust: 2.8
db:ICS CERTid:ICSA-19-050-01
Trust: 2.8
db:BIDid:107074
Trust: 2.0
db:JVNDBid:JVNDB-2019-001860
Trust: 0.8
db:CNNVDid:CNNVD-201902-693
Trust: 0.7
db:AUSCERTid:ESB-2019.0521
Trust: 0.6
db:NSFOCUSid:42782
Trust: 0.6
db:VULHUBid:VHN-140134
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140134 // 
            
            
            
            BID: 107074 // 
            
            
            
            JVNDB: JVNDB-2019-001860 // 
            
            
            
            CNNVD: CNNVD-201902-693 // 
            
            
            
            NVD: CVE-2019-0103

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-050-01
Trust: 3.4
url:http://www.securityfocus.com/bid/107074
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00215.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0103
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0103
Trust: 0.8
url:https://www.auscert.org.au/bulletins/75830
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42782
Trust: 0.6
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140134 // 
            
            
            
            BID: 107074 // 
            
            
            
            JVNDB: JVNDB-2019-001860 // 
            
            
            
            CNNVD: CNNVD-201902-693 // 
            
            
            
            NVD: CVE-2019-0103

CREDITS
Intel’s Product Security Incident Response Team reported these vulnerabilities to NCCIC.,vendor ??,DCG Red Team
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-693

SOURCES
db:VULHUBid:VHN-140134
db:BIDid:107074
db:JVNDBid:JVNDB-2019-001860
db:CNNVDid:CNNVD-201902-693
db:NVDid:CVE-2019-0103

LAST UPDATE DATE
2024-11-23T22:00:07.068000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140134date:2020-08-24T00:00:00
db:BIDid:107074date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-001860date:2019-03-27T00:00:00
db:CNNVDid:CNNVD-201902-693date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0103date:2024-11-21T04:16:14.110

SOURCES RELEASE DATE
db:VULHUBid:VHN-140134date:2019-02-18T00:00:00
db:BIDid:107074date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2019-001860date:2019-03-27T00:00:00
db:CNNVDid:CNNVD-201902-693date:2019-02-18T00:00:00
db:NVDid:CVE-2019-0103date:2019-02-18T17:29:00.440