Vulnerability Description
A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Xhq | < 6.0.0.2 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdfVendor Advisory
FAQ
What is CVE-2019-13932?
CVE-2019-13932 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. ...
How severe is CVE-2019-13932?
CVE-2019-13932 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-13932?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Xhq.