CVE-2019-18998 HIGH

CVE-2019-18998: Asset Suite Direct Object Reference Access

Vendor Abb
Product Asset Suite
Weakness CWE-284
Published February 17, 2020
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.

Key dates

02Disclosure timeline

February 17, 2020 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-38546 CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. CVE-2019-1660 Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-64400 Insufficient permission checks when pre-enrolling users Summary