CVE-2019-10248
Good to know:
Date: April 22, 2019
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence, the build artifacts produced by Vorto might be infected.
Language: Java
Severity Score
Weakness Type (CWE)
Incorrect Resource Transfer Between Spheres
CWE-669
Top Fix
Upgrade Version
Upgrade to version org.eclipse.vorto:mapping-core - 0.11.0; org.eclipse.vorto:org.eclipse.vorto.core - 0.11.0; org.eclipse.vorto:org.eclipse.vorto.editor.functionblock.ide - 0.11.0
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |