Search

Find a vulnerability

Search criteria

    53 vulnerabilities found for rumpus by maxum

    CVE-2025-55059 (GCVE-0-2025-55059)

    Vulnerability from nvd – Published: 2025-11-17 17:36 – Updated: 2025-11-18 16:35
    VLAI
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T16:34:56.582213Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:38.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:36:20.332Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0252",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55059",
        "datePublished": "2025-11-17T17:36:20.332Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:35:38.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55058 (GCVE-0-2025-55058)

    Vulnerability from nvd – Published: 2025-11-17 17:33 – Updated: 2025-11-18 16:36
    VLAI
    Summary
    CWE-20 Improper Input Validation
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T18:24:16.307418Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:00.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-20 Improper Input Validation\u003cbr\u003e"
                }
              ],
              "value": "CWE-20 Improper Input Validation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:33:55.882Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0251",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55058",
        "datePublished": "2025-11-17T17:33:55.882Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:36:00.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55057 (GCVE-0-2025-55057)

    Vulnerability from nvd – Published: 2025-11-17 17:31 – Updated: 2025-11-17 21:21
    VLAI
    Summary
    Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:21:43.892099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:21:55.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:31:23.641Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0250",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55057",
        "datePublished": "2025-11-17T17:31:23.641Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-17T21:21:55.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55056 (GCVE-0-2025-55056)

    Vulnerability from nvd – Published: 2025-11-17 17:28 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:22:30.564540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:21.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:28:28.345Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0249",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55056",
        "datePublished": "2025-11-17T17:28:28.345Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:21.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55055 (GCVE-0-2025-55055)

    Vulnerability from nvd – Published: 2025-11-17 17:25 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:24:43.083071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:53.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:25:36.697Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0248",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55055",
        "datePublished": "2025-11-17T17:25:36.697Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:53.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46370 (GCVE-0-2022-46370)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 14:14
    VLAI
    Title
    Rumpus - FTP server Improper Token Verification
    Summary
    Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • impoper registration verification
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T14:14:34.680998Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T14:14:54.672Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Improper Token Verification\u2013 vulnerability may allow bypassing identity verification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "impoper registration verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Improper Token Verification ",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46370",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T14:14:54.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46369 (GCVE-0-2022-46369)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:40
    VLAI
    Title
    Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector
    Summary
    Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T13:40:24.538875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T13:40:44.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) \u2013 vulnerability may allow inserting scripts into unspecified input fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Persistent cross-site scripting (PXSS) \u2013 Unspecified vector",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46369",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T13:40:44.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46368 (GCVE-0-2022-46368)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 16:20
    VLAI
    Title
    Rumpus - FTP server Cross-site request forgery (CSRF) – Create user
    Summary
    Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T16:20:23.444476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T16:20:50.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) \u2013 vulnerability may allow unauthorized action on behalf of authenticated users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0070"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013  Create user",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46368",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T16:20:50.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46367 (GCVE-0-2022-46367)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 16:00
    VLAI
    Title
    Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation
    Summary
    Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:58:45.951370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T16:00:10.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013 Privilege escalation vulnerability that may allow privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0069"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013 Privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46367",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T16:00:10.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-39187 (GCVE-0-2022-39187)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:39
    VLAI
    Title
    Rumpus - FTP server Reflected cross-site scripting (RXSS)
    Summary
    Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:00:43.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-39187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T13:39:13.471079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T13:39:37.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0068"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Reflected cross-site scripting (RXSS)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-39187",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-09-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T13:39:37.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55059 (GCVE-0-2025-55059)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:36 – Updated: 2025-11-18 16:35
    VLAI
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T16:34:56.582213Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:38.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:36:20.332Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0252",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55059",
        "datePublished": "2025-11-17T17:36:20.332Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:35:38.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55058 (GCVE-0-2025-55058)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:33 – Updated: 2025-11-18 16:36
    VLAI
    Summary
    CWE-20 Improper Input Validation
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T18:24:16.307418Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:00.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-20 Improper Input Validation\u003cbr\u003e"
                }
              ],
              "value": "CWE-20 Improper Input Validation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:33:55.882Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0251",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55058",
        "datePublished": "2025-11-17T17:33:55.882Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:36:00.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55057 (GCVE-0-2025-55057)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:31 – Updated: 2025-11-17 21:21
    VLAI
    Summary
    Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:21:43.892099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:21:55.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:31:23.641Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0250",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55057",
        "datePublished": "2025-11-17T17:31:23.641Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-17T21:21:55.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55056 (GCVE-0-2025-55056)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:28 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:22:30.564540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:21.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:28:28.345Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0249",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55056",
        "datePublished": "2025-11-17T17:28:28.345Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:21.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55055 (GCVE-0-2025-55055)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:25 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:24:43.083071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:53.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:25:36.697Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0248",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55055",
        "datePublished": "2025-11-17T17:25:36.697Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:53.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46369 (GCVE-0-2022-46369)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:40
    VLAI
    Title
    Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector
    Summary
    Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T13:40:24.538875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T13:40:44.402Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) \u2013 vulnerability may allow inserting scripts into unspecified input fields."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0071"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Persistent cross-site scripting (PXSS) \u2013 Unspecified vector",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46369",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T13:40:44.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46370 (GCVE-0-2022-46370)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 14:14
    VLAI
    Title
    Rumpus - FTP server Improper Token Verification
    Summary
    Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • impoper registration verification
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T14:14:34.680998Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T14:14:54.672Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Improper Token Verification\u2013 vulnerability may allow bypassing identity verification."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "impoper registration verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0072"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Improper Token Verification ",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46370",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T14:14:54.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46367 (GCVE-0-2022-46367)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 16:00
    VLAI
    Title
    Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation
    Summary
    Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T15:58:45.951370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T16:00:10.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013 Privilege escalation vulnerability that may allow privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0069"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013 Privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46367",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T16:00:10.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46368 (GCVE-0-2022-46368)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 16:20
    VLAI
    Title
    Rumpus - FTP server Cross-site request forgery (CSRF) – Create user
    Summary
    Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP server Affected: latest , < 9.0.7.1* (custom)
    Create a notification for this product.
    Date Public
    2023-01-12 00:00
    Credits
    Moshe Mizrahi, Almog Cygel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T16:20:23.444476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T16:20:50.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FTP server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "lessThan": "9.0.7.1*",
                  "status": "affected",
                  "version": "latest",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Moshe Mizrahi, Almog Cygel "
            }
          ],
          "datePublic": "2023-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) \u2013 vulnerability may allow unauthorized action on behalf of authenticated users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "defect": [
              "ILVN-2022-0070"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Rumpus - FTP server Cross-site request forgery (CSRF) \u2013  Create user",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2022-46368",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2022-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-08T16:20:50.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-200908-0054

    Vulnerability from variot - Updated: 2025-04-10 23:17

    Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. Maxum Rumpus FTP Server is prone to a remote denial-of-service vulnerability. This issue allows remote attackers to crash affected servers, denying service to legitimate users. Maxum Rumpus is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with root privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Rumpus 6.0.1 are vulnerable. ----------------------------------------------------------------------

    Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

    Click here to learn more: http://secunia.com/advisories/business_solutions/


    TITLE: Rumpus Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA32892

    VERIFY ADVISORY: http://secunia.com/advisories/32892/

    CRITICAL: Moderately critical

    IMPACT: DoS, System access

    WHERE:

    From remote

    SOFTWARE: Rumpus 6.x http://secunia.com/advisories/product/20643/

    DESCRIPTION: Blue Moon Consulting has reported some vulnerabilities in Rumpus, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malicious users to potentially compromise a vulnerable system.

    1) An error in the HTTP service when processing overly long HTTP methods can be exploited to cause a crash.

    2) A boundary error in the FTP service when processing arguments sent to the e.g. "MKD", "XMKD", "RMD" FTP commands can be exploited to cause a stack-based buffer overflow.

    Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires valid FTP credentials.

    The vulnerabilities are reported in version 6.0.

    SOLUTION: Update to version 6.0.1.

    PROVIDED AND/OR DISCOVERED BY: Blue Moon Consulting

    ORIGINAL ADVISORY: Blue Moon Consulting (BMSA 2008-09): http://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066086.html

    Maxum: http://www.maxum.com/Rumpus/News601.html


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0054",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "6.0"
          },
          {
            "model": "rumpus",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "6.0.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "6.0"
          },
          {
            "model": "rumpus ftp server",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "6.0.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Blue Moon Consulting",
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2008-7078",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2008-7078",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2008-7078",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2008-7078",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200908-397",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. Maxum Rumpus FTP Server is prone to a remote denial-of-service vulnerability. \nThis issue allows remote attackers to crash affected servers, denying service to legitimate users. Maxum Rumpus is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with root privileges. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Rumpus 6.0.1 are vulnerable. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nRumpus Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA32892\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32892/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nRumpus 6.x\nhttp://secunia.com/advisories/product/20643/\n\nDESCRIPTION:\nBlue Moon Consulting has reported some vulnerabilities in Rumpus,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and by malicious users to potentially compromise a\nvulnerable system. \n\n1) An error in the HTTP service when processing overly long HTTP\nmethods can be exploited to cause a crash. \n\n2) A boundary error in the FTP service when processing arguments sent\nto the e.g. \"MKD\", \"XMKD\", \"RMD\" FTP commands can be exploited to\ncause a stack-based buffer overflow. \n\nSuccessful exploitation of this vulnerability may allow execution of\narbitrary code, but requires valid FTP credentials. \n\nThe vulnerabilities are reported in version 6.0. \n\nSOLUTION:\nUpdate to version 6.0.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nBlue Moon Consulting\n\nORIGINAL ADVISORY:\nBlue Moon Consulting (BMSA 2008-09):\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066086.html\n\nMaxum:\nhttp://www.maxum.com/Rumpus/News601.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          },
          {
            "db": "PACKETSTORM",
            "id": "72552"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-7078",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "32560",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "32558",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "32892",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "7314",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354",
            "trust": 0.8
          },
          {
            "db": "FULLDISC",
            "id": "20081201 [BMSA 2008-09] TWO BUFFER OVERFLOW VULNERABILITIES IN RUMPUS V6.0",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "46987",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "46988",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20081201 [BMSA 2008-09] TWO BUFFER OVERFLOW VULNERABILITIES IN RUMPUS V6.0",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "7314",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "72552",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "PACKETSTORM",
            "id": "72552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "id": "VAR-200908-0054",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5608974
      },
      "last_update_date": "2025-04-10T23:17:53.363000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "http://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.maxum.com/rumpus/news601.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/32560"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/32558"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/32892"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/7314"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7078"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7078"
          },
          {
            "trust": 0.6,
            "url": "http://www.maxum.com/rumpus/"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/498786"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/46988"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/46987"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/498786/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/7314"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/32892/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/business_solutions/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/product/20643/"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-december/066086.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "PACKETSTORM",
            "id": "72552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "db": "PACKETSTORM",
            "id": "72552"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-12-01T00:00:00",
            "db": "BID",
            "id": "32560"
          },
          {
            "date": "2008-12-01T00:00:00",
            "db": "BID",
            "id": "32558"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "date": "2008-12-02T17:24:32",
            "db": "PACKETSTORM",
            "id": "72552"
          },
          {
            "date": "2008-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "date": "2009-08-25T10:30:00.627000",
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-12-01T23:53:00",
            "db": "BID",
            "id": "32560"
          },
          {
            "date": "2008-12-01T23:53:00",
            "db": "BID",
            "id": "32558"
          },
          {
            "date": "2012-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          },
          {
            "date": "2009-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200908-397"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2008-7078"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus Vulnerable to buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004354"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "32560"
          },
          {
            "db": "BID",
            "id": "32558"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0472

    Vulnerability from variot - Updated: 2024-11-23 23:04

    A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0472",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          }
        ]
      },
      "cve": "CVE-2019-19666",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19666",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014498",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04695",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19666",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014498",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19666",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014498",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04695",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-341",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19666",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "id": "VAR-202002-0472",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:04:29.186000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19666.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19666"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19666"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "date": "2020-02-10T18:15:11.953000",
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04695"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          },
          {
            "date": "2024-11-21T04:35:09.217000",
            "db": "NVD",
            "id": "CVE-2019-19666"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Cross-site request forgery vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014498"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-341"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0468

    Vulnerability from variot - Updated: 2024-11-23 22:48

    A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0468",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          }
        ]
      },
      "cve": "CVE-2019-19662",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19662",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014622",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04692",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19662",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014622",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19662",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014622",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04692",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-338",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Web File Manager\u0027s Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19662",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "id": "VAR-202002-0468",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:48:08.779000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19662.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19662"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19662"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "date": "2020-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "date": "2020-02-10T17:15:16.257000",
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "date": "2020-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014622"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          },
          {
            "date": "2024-11-21T04:35:08.623000",
            "db": "NVD",
            "id": "CVE-2019-19662"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Server Web File Manager Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-338"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0471

    Vulnerability from variot - Updated: 2024-11-23 22:44

    A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0471",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          }
        ]
      },
      "cve": "CVE-2019-19665",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19665",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014504",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-04663",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19665",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014504",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19665",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014504",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04663",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-336",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19665",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "id": "VAR-202002-0471",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:44:44.224000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19665.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19665"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19665"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "date": "2020-02-10T16:15:14.187000",
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04663"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          },
          {
            "date": "2024-11-21T04:35:09.067000",
            "db": "NVD",
            "id": "CVE-2019-19665"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Cross-site request forgery vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014504"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-336"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0470

    Vulnerability from variot - Updated: 2024-11-23 22:41

    A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0470",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          }
        ]
      },
      "cve": "CVE-2019-19664",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19664",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014623",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04693",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19664",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014623",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19664",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014623",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04693",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-339",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19664",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "id": "VAR-202002-0470",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:11.067000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19664.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19664"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19664"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "date": "2020-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "date": "2020-02-10T17:15:16.350000",
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04693"
          },
          {
            "date": "2020-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          },
          {
            "date": "2024-11-21T04:35:08.927000",
            "db": "NVD",
            "id": "CVE-2019-19664"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Cross-site request forgery vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014623"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-339"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0467

    Vulnerability from variot - Updated: 2024-11-23 22:37

    A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. Rumpus FTP Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0467",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          }
        ]
      },
      "cve": "CVE-2019-19661",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19661",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014497",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04694",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19661",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014497",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19661",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014497",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04694",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-340",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. Rumpus FTP Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19661",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "id": "VAR-202002-0467",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:33.141000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19661"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 1.4,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19661%20(un-authenticated).md"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19661%20%28un-authenticated%29.md"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19661"
          },
          {
            "trust": 0.6,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19661%20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "date": "2020-02-10T18:15:11.877000",
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014497"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          },
          {
            "date": "2024-11-21T04:35:08.480000",
            "db": "NVD",
            "id": "CVE-2019-19661"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Server Web File Manager Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04694"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-340"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0473

    Vulnerability from variot - Updated: 2024-11-23 22:21

    A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0473",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          }
        ]
      },
      "cve": "CVE-2019-19667",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19667",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014499",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04696",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19667",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014499",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19667",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014499",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04696",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-342",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-19667",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19667",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "id": "VAR-202002-0473",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:21:20.550000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19667.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19667"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19667"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "date": "2020-02-10T18:15:12.017000",
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "date": "2020-02-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19667"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014499"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          },
          {
            "date": "2024-11-21T04:35:09.370000",
            "db": "NVD",
            "id": "CVE-2019-19667"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Web File Manager Block Clients Component Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-342"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0469

    Vulnerability from variot - Updated: 2024-11-23 22:16

    A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0469",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          }
        ]
      },
      "cve": "CVE-2019-19663",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19663",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014503",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-04662",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19663",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014503",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19663",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014503",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04662",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-335",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19663",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "id": "VAR-202002-0469",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:16:38.989000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19663.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19663"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19663"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "date": "2020-02-10T16:15:14.097000",
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04662"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          },
          {
            "date": "2024-11-21T04:35:08.773000",
            "db": "NVD",
            "id": "CVE-2019-19663"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Cross-site request forgery vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014503"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-335"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0475

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0475",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "ftp 8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          }
        ]
      },
      "cve": "CVE-2019-19669",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19669",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014500",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04697",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19669",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014500",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19669",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014500",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04697",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-343",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. Rumpus FTP Exists in a cross-site request forgery vulnerability.Information may be tampered with. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19669",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "id": "VAR-202002-0475",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:11:38.328000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19669.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19669"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19669"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "date": "2020-02-10T18:15:12.080000",
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014500"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          },
          {
            "date": "2024-11-21T04:35:09.657000",
            "db": "NVD",
            "id": "CVE-2019-19669"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Web File Manager Upload Center Forms Component Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04697"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-343"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0474

    Vulnerability from variot - Updated: 2024-11-23 21:51

    A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. Rumpus FTP Contains a cross-site request forgery vulnerability.Information may be altered. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0474",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus ftp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": null
          },
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "rumpus ftp server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "maxum",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "cve": "CVE-2019-19668",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19668",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04699",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19668",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-19668",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19668",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-19668",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04699",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-345",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. Rumpus FTP Contains a cross-site request forgery vulnerability.Information may be altered. The vulnerability stems from a web application\u0027s insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19668",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "id": "VAR-202002-0474",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          }
        ],
        "trust": 1.1608974
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:40.550000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE\u0027s\u00a0for\u00a0Rumpus\u00a0FTP\u00a0Server GitHub",
            "trust": 0.8,
            "url": "https://github.com/harshit-shukla/CVE"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://github.com/harshit-shukla/cve/blob/master/cve-2019-19668.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19668"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/harshit-shukla/cve"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "date": "2020-02-10T19:15:11.637000",
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014420"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          },
          {
            "date": "2024-11-21T04:35:09.510000",
            "db": "NVD",
            "id": "CVE-2019-19668"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Web File Manager File Types Component Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04699"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-345"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201912-0904

    Vulnerability from variot - Updated: 2024-11-23 20:51

    A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0904",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rumpus",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "maxum",
            "version": "8.2.9.1"
          },
          {
            "model": "ftp web file manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "rumpus",
            "version": "8.2.9.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:maxum:rumpus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sudeepto Roy",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-19368",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-19368",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-03550",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-19368",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-19368",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19368",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-19368",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-03550",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-719",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-19368",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19368",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155719",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU93632155",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "id": "VAR-201912-0904",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          }
        ]
      },
      "last_update_date": "2024-11-23T20:51:13.342000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Rumpus",
            "trust": 0.8,
            "url": "https://www.maxum.com/Rumpus/Download.html"
          },
          {
            "title": "Patch for Rumpus FTP Web File Manager Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/198805"
          },
          {
            "title": "Rumpus FTP Web File Manager Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105747"
          },
          {
            "title": "nuclei-templates",
            "trust": 0.1,
            "url": "https://github.com/projectdiscovery/nuclei-templates "
          },
          {
            "title": "nuclei-templates",
            "trust": 0.1,
            "url": "https://github.com/storenth/nuclei-templates "
          },
          {
            "title": "kenzer-templates",
            "trust": 0.1,
            "url": "https://github.com/Elsfa7-110/kenzer-templates "
          },
          {
            "title": "kenzer-templates",
            "trust": 0.1,
            "url": "https://github.com/ARPSyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://packetstormsecurity.com/files/155719/rumpus-ftp-web-file-manager-8.2.9.1-cross-site-scripting.html"
          },
          {
            "trust": 2.3,
            "url": "https://github.com/harshit-shukla/cve-2019-19368/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19368"
          },
          {
            "trust": 1.7,
            "url": "https://www.maxum.com/rumpus/download.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19368"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93632155/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/projectdiscovery/nuclei-templates"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "date": "2019-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "date": "2019-12-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "date": "2019-12-16T16:15:11.737000",
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "date": "2019-12-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19368"
          },
          {
            "date": "2019-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-013417"
          },
          {
            "date": "2019-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          },
          {
            "date": "2024-11-21T04:34:39.403000",
            "db": "NVD",
            "id": "CVE-2019-19368"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rumpus FTP Web File Manager Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-03550"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-719"
          }
        ],
        "trust": 0.6
      }
    }