Sign-up

ID

VAR-201906-0916


CVE

CVE-2019-0130


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-004980

DESCRIPTION

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. Intel Rapid Storage Technology Enterprise is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content, inject malicious content or cause denial-of-service conditions. Intel Rapid Storage Technology Enterprise version prior 5.5.0.2015 to are vulnerable. Intel Accelerated Storage Manager is one of the accelerated storage managers. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.26

sources: NVD: CVE-2019-0130 // BID: 108775 // VULHUB: VHN-140161

AFFECTED PRODUCTS

vendor:intelmodel:rapid storage technology enterprisescope:ltversion:5.5.0.2015

Trust: 1.0

vendor:lenovomodel:thinkstation p720scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p520scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p520cscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p920scope:eqversion: -

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:chipset device softwarescope: - version: -

Trust: 0.8

vendor:intelmodel:compute cardscope: - version: -

Trust: 0.8

vendor:intelmodel:compute stickscope: - version: -

Trust: 0.8

vendor:intelmodel:core i3scope: - version: -

Trust: 0.8

vendor:intelmodel:core i5scope: - version: -

Trust: 0.8

vendor:intelmodel:core x-seriesscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

vendor:intelmodel:omni-path fabric manager guiscope: - version: -

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor 2000 series

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor 3000 series

Trust: 0.8

vendor:intelmodel:pentiumscope:eqversion:processor g series

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:raid web console v3scope:eqversion:for windows

Trust: 0.8

vendor:intelmodel:sgx dcap linux driverscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx linux client driverscope: - version: -

Trust: 0.8

vendor:intelmodel:turbo boost max technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v3 family

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v5 family

Trust: 0.8

vendor:intelmodel:xeonscope:eqversion:processor e7 v7 family

Trust: 0.8

vendor:intelmodel:ite tech* consumer infrared driverscope:eqversion:for windows 10

Trust: 0.8

vendor:intelmodel:open cloud integrity technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:openattestationscope: - version: -

Trust: 0.8

vendor:intelmodel:rapid storage technology enterprisescope:eqversion:5.5.0.2013

Trust: 0.3

vendor:intelmodel:rapid storage technology enterprisescope:neversion:5.5.0.2015

Trust: 0.3

sources: BID: 108775 // JVNDB: JVNDB-2019-004980 // NVD: CVE-2019-0130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0130
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201906-529
value: HIGH

Trust: 0.6

VULHUB: VHN-140161
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-140161
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0130
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140161 // CNNVD: CNNVD-201906-529 // NVD: CVE-2019-0130

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-140161 // NVD: CVE-2019-0130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-529

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201906-529

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004980

PATCH
title:[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html
Trust: 0.8
title:[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html
Trust: 0.8
title:[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html
Trust: 0.8
title:[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html
Trust: 0.8
title:[INTEL-SA-00264] Intel NUC Firmware Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html
Trust: 0.8
title:[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html
Trust: 0.8
title:[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html
Trust: 0.8
title:[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html
Trust: 0.8
title:[INTEL-SA-00235] Intel SGX for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html
Trust: 0.8
title:[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
Trust: 0.8
title:[INTEL-SA-00247] Partial Physical Address Leakage Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html
Trust: 0.8
title:Intel Rapid Storage Technology Enterprise Intel Accelerated Storage Manager Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93760
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-529

EXTERNAL IDS
db:NVDid:CVE-2019-0130
Trust: 2.8
db:BIDid:108775
Trust: 2.0
db:LENOVOid:LEN-27843
Trust: 1.7
db:JVNid:JVNVU95572531
Trust: 0.8
db:JVNDBid:JVNDB-2019-004980
Trust: 0.8
db:CNNVDid:CNNVD-201906-529
Trust: 0.7
db:VULHUBid:VHN-140161
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140161 // 
            
            
            
            BID: 108775 // 
            
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-529 // 
            
            
            
            NVD: CVE-2019-0130

REFERENCES
url:http://www.securityfocus.com/bid/108775
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html
Trust: 2.0
url:https://support.lenovo.com/us/en/product_security/len-27843
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0130
Trust: 1.4
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95572531
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0128
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0178
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11119
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0179
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11123
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0136
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0180
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11124
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0157
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0181
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11125
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0164
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0182
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11126
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0174
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0183
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11127
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0175
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11092
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11128
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3702
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0177
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11117
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-11129
Trust: 0.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/in
Trust: 0.6
url:https://support.lenovo.com/us/zh/product_security/len-27843
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140161 // 
            
            
            
            BID: 108775 // 
            
            
            
            JVNDB: JVNDB-2019-004980 // 
            
            
            
            CNNVD: CNNVD-201906-529 // 
            
            
            
            NVD: CVE-2019-0130

CREDITS
Marius Gabriel Mihai.
Trust: 0.9
sources:
            
            
            BID: 108775 // 
            
            
            
            CNNVD: CNNVD-201906-529

SOURCES
db:VULHUBid:VHN-140161
db:BIDid:108775
db:JVNDBid:JVNDB-2019-004980
db:CNNVDid:CNNVD-201906-529
db:NVDid:CVE-2019-0130

LAST UPDATE DATE
2024-11-23T20:02:16.889000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140161date:2023-03-02T00:00:00
db:BIDid:108775date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-004980date:2019-06-13T00:00:00
db:CNNVDid:CNNVD-201906-529date:2019-07-02T00:00:00
db:NVDid:CVE-2019-0130date:2024-11-21T04:16:17.970

SOURCES RELEASE DATE
db:VULHUBid:VHN-140161date:2019-06-13T00:00:00
db:BIDid:108775date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-004980date:2019-06-13T00:00:00
db:CNNVDid:CNNVD-201906-529date:2019-06-11T00:00:00
db:NVDid:CVE-2019-0130date:2019-06-13T16:29:00.403