How severe is CVE-2019-13022?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-13022?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2019-13022 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers).

Related Vulnerabilities

CVE-2007-6013

CRITICAL

CVSS:9.8(Critical)

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene...

CWE-3272007

CVE-2012-4449

CRITICAL

CVSS:9.8(Critical)

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depend...

CWE-3272012

CVE-2014-8687

CRITICAL

CVSS:9.8(Critical)

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...

CWE-3272014

CVE-2014-9969

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

CWE-3272014

CVE-2016-6602

CRITICAL

CVSS:9.8(Critical)

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/s...

CWE-3272016

CVE-2017-17717

CRITICAL

CVSS:9.8(Critical)

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

CWE-3272017