CVE Vulnerabilities

CVE-2019-19160

Missing Support for Integrity Check

Published: Jun 29, 2020 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).

Weakness

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Affected Software

Name Vendor Start Version End Version
Reportexpress_proplus Cabsoftware * 3.0.0.62 (excluding)

Potential Mitigations

References