Search criteria
2 vulnerabilities by topmeeting
CVE-2019-13410 (GCVE-0-2019-13410)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:25 – Updated: 2024-09-16 18:12
VLAI
Title
TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information
Summary
TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page.
Severity
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201907002 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TOPOO Technology | TOPMeeting |
Affected:
before version 8.8 (2019/08/19)
|
Date Public
2019-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TOPMeeting",
"vendor": "TOPOO Technology",
"versions": [
{
"status": "affected",
"version": "before version 8.8 (2019/08/19)"
}
]
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:25:59.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13410",
"STATE": "PUBLIC",
"TITLE": "TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TOPMeeting",
"version": {
"version_data": [
{
"version_value": "before version 8.8 (2019/08/19)"
}
]
}
}
]
},
"vendor_name": "TOPOO Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13410",
"datePublished": "2019-10-17T19:25:59.880Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:12:58.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13409 (GCVE-0-2019-13409)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:24 – Updated: 2024-09-16 20:17
VLAI
Title
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)
Summary
A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password.
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3019-f0dd8-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201907001 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TOPOO Technology | TOPMeeting |
Affected:
before version 8.8 (2019/08/19)
|
Date Public
2019-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3019-f0dd8-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TOPMeeting",
"vendor": "TOPOO Technology",
"versions": [
{
"status": "affected",
"version": "before version 8.8 (2019/08/19)"
}
]
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:24:35.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3019-f0dd8-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13409",
"STATE": "PUBLIC",
"TITLE": "A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TOPMeeting",
"version": {
"version_data": [
{
"version_value": "before version 8.8 (2019/08/19)"
}
]
}
}
]
},
"vendor_name": "TOPOO Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3019-f0dd8-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3019-f0dd8-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907001",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907001"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13409",
"datePublished": "2019-10-17T19:24:35.696Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:31.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}