CVE-2019-19989

HIGH

Selesta Visual Access Manager 4.15.0-4.29.0 - Missing Authorization

Title source: llm
STIX 2.1

Description

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization.

References (3)

Core 3
Core References
Product x_refsource_misc
https://www.seling.it/
Product, Vendor Advisory x_refsource_misc
https://www.seling.it/product/vam/

Scores

CVSS v3 7.5
EPSS 0.0134
EPSS Percentile 67.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
seling/visual_access_manager 4.15.0 - 4.29.0
Published Feb 26, 2020
Tracked Since Feb 18, 2026