Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-19135 Vulnerability in maven package org.eclipse.milo:sdk-client

Description

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

Remediation

References

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

https://opcfoundation.org/security-bulletins/

Related Vulnerabilities

CVE-2023-26472 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui

CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2023-46115 Vulnerability in npm package @tauri-apps/cli

CVE-2020-36618 Vulnerability in npm package whois

CVE-2013-2160 Vulnerability in maven package org.apache.cxf:apache-cxf

Severity

High

Classification

CWE-330 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Patch Vendor Advisory