CVE-2019-11497
Last modified
CVE-2019-11497 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Couchbase | Couchbase Server | 5.0.0 |
References
- https://www.couchbase.com/resources/security#SecurityAlertsVendor Advisory
- https://www.couchbase.com/resources/security#SecurityAlertsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11497?
How severe is CVE-2019-11497?
How do I fix CVE-2019-11497?
Are you affected by CVE-2019-11497?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST