CVE-2019-6837

CVE-2019-6837

Vendor Cve-2019-6837

Product U.motion Server

Weakness CWE-918 · SSRF

Published September 17, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.

Key dates

02Disclosure timeline

September 17, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-6837 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

Identifiers

CVE CVE-2019-6837

CWE CWE-918

Affected versions

Vendor Cve-2019-6837

Product U.motion Server

Affected MEG6501-0001 - U.motion KNX server

Vendor Cve-2019-6837

Product U.motion Server

Affected MEG6501-0002 - U.motion KNX Server Plus

Vendor Cve-2019-6837

Product U.motion Server

Affected MEG6260-0410 - U.motion KNX Server Plus

Vendor Cve-2019-6837

Product U.motion Server

Affected Touch 10

Vendor Cve-2019-6837

Product U.motion Server

Affected MEG6260-0415 - U.motion KNX Server Plus

Vendor Cve-2019-6837

Product U.motion Server

Affected Touch 15

01Description

02Disclosure timeline

03References

04Related CVE