CVE-2019-6581

Name of the Vulnerable Software and Affected Versions Siveillance VMS 2017 R2 versions prior to V11.2a Siveillance VMS 2018 R1 versions prior to V12.1a Siveillance VMS 2018 R2 versions prior to V12.2a Siveillance VMS 2018 R3 versions prior to V12.3a Siveillance VMS 2019 R1 versions prior to V13.1a

Description A security issue has been identified that allows an attacker with network access to port 80/TCP to change user roles without proper authorization. The issue can be exploited by an authenticated attacker with network access to the affected service, and no user interaction is required. Successful exploitation compromises the confidentiality, integrity, and availability of the targeted system. At the time of advisory publication, no public exploitation of this issue was known.

Recommendations For Siveillance VMS 2017 R2 versions prior to V11.2a, update to version V11.2a or later. For Siveillance VMS 2018 R1 versions prior to V12.1a, update to version V12.1a or later. For Siveillance VMS 2018 R2 versions prior to V12.2a, update to version V12.2a or later. For Siveillance VMS 2018 R3 versions prior to V12.3a, update to version V12.3a or later. For Siveillance VMS 2019 R1 versions prior to V13.1a, update to version V13.1a or later.