CVE-2019-18321

CRITICAL Year: 2019
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Related Vulnerabilities

CVE-2007-1966

CRITICAL
CVSS:9.1(Critical)

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

CWE-2872007

CVE-2008-3738

CRITICAL
CVSS:9.1(Critical)

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

CWE-2872008

CVE-2013-4454

CRITICAL
CVSS:9.1(Critical)

WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities

CWE-2872013

CVE-2013-4462

CRITICAL
CVSS:9.1(Critical)

WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability

CWE-2872013

CVE-2014-4198

CRITICAL
CVSS:9.1(Critical)

A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user ...

CWE-2872014

CVE-2016-4432

CRITICAL
CVSS:9.1(Critical)

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to con...

CWE-2872016