Rewterz threat Advisory – Siemens SIPROTEC 5 and DIGSI 5 Denial of Service Vulnerabilities
July 10, 2019Rewterz Threat Advisory – CVE-2019-1849 – Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
July 11, 2019Rewterz threat Advisory – Siemens SIPROTEC 5 and DIGSI 5 Denial of Service Vulnerabilities
July 10, 2019Rewterz Threat Advisory – CVE-2019-1849 – Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
July 11, 2019Severity
Medium
Analysis Summary
The application allows users to perform certain actions via HTTP requests to the Security Console without performing proper validity checks to verify the requests. This can be exploited to conduct certain actions when a logged-in user visits a specially crafted web page.
Impact
Cross Site Scripting
Affected Vendors
Nexpose
Affected Products
Nexpose 6.5.0 through 6.5.68
Remediation
Update to version 6.5.69.