Vulnerability Description
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Primasystems | Flexair | <= 2.3.38 |
Related Weaknesses (CWE)
References
- https://applied-risk.com/labs/advisoriesNot ApplicableThird Party Advisory
- https://www.applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
- https://applied-risk.com/labs/advisoriesNot ApplicableThird Party Advisory
- https://www.applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-7281?
CVE-2019-7281 is a vulnerability with a CVSS score of 8.8 (HIGH). Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a...
How severe is CVE-2019-7281?
CVE-2019-7281 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7281?
Check the references section above for vendor advisories and patch information. Affected products include: Primasystems Flexair.