ByteOS Network

NVD Vulnerability Details :

CVE-2019-3897

Analyzed

Source-secalert@redhat.com

Published At-16 Mar, 2021 | 22:15

Updated At-22 Mar, 2021 | 19:51

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Red Hat, Inc.

>>enterprise_linux>>6.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>certification>>-

cpe:2.3:a:redhat:certification:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-552	Primary	secalert@redhat.com

References

Hyperlink	Source	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1593768	secalert@redhat.com	Issue Tracking Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History