How severe is CVE-2019-11288?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2019-11288?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2019-11288 - HIGH Severity | CVSS 7.3

Vulnerability Description

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.

Related Vulnerabilities

CVE-2013-2012

HIGH

CVSS:7.3(High)

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

CWE-2692013

CVE-2017-14484

HIGH

CVSS:7.3(High)

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an...

CWE-2692017

CVE-2019-11270

HIGH

CVSS:7.3(High)

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created vi...

CWE-2692019

CVE-2022-20739

HIGH

CVSS:7.3(High)

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker...

CWE-2692022

CVE-2022-44732

HIGH

CVSS:7.3(High)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CWE-2692022

CVE-2022-44733

HIGH

CVSS:7.3(High)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CWE-2692022