Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2019-11068

Published

5 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

Critical

Impact Analysis

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded..

CVSSv2.0 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Critical
Base Score: 9.8/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 5.9/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:xmlsoft:libxslt::::::::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*	Yes	-	-
cpe:2.3:o:debian:debian_linux:8.0:::::::*	Yes	-	-
cpe:2.3:o:fedoraproject:fedora:29:::::::*	Yes	-	-
cpe:2.3:o:fedoraproject:fedora:30:::::::*	Yes	-	-
cpe:2.3:a:oracle:jdk:8.0:update_221::::::	Yes	-	-
cpe:2.3:a:netapp:cloud_backup:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:element_software:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::*	Yes	-	-
cpe:2.3:a:netapp:snapmanager:-:::::sap::	Yes	-	-
cpe:2.3:a:netapp:oncommand_workflow_automation:-::::::	Yes	-	-
cpe:2.3:a:netapp:oncommand_insight:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:	Yes	-	-
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::*	Yes	-	-
cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::*	Yes	-	-
cpe:2.3:a:netapp:snapmanager:-:-::::oracle::*	Yes	-	-
cpe:2.3:a:netapp:solidfire:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:hci_management_node:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_	Yes	-	-
cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*	Yes	-	-
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*	Yes	-	-
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::*:	Yes	-	-
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows	Yes	-	-
cpe:2.3:a:netapp:e-series_santricity_os_controller:::::*	Yes	11.0	-
cpe:2.3:o:opensuse:leap:42.3:::::::*	Yes	-	-
cpe:2.3:o:opensuse:leap:15.0:::::::*	Yes	-	-
cpe:2.3:o:opensuse:leap:15.1:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2019-11068

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2019-11068

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References