CVE-2019-9191 Detail Current Description The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy.

View Analysis Description Analysis Description The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 5.9 MEDIUM Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 4.3 MEDIUM Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) Weakness Enumeration CWE-ID CWE Name Source CWE-310 Cryptographic Issues NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 3 change records found show changes Modified Analysis 3/04/2019 8:13:54 AM Action Type Old Value New Value Changed Reference Type http://www.securityfocus.com/bid/107208 No Types Assigned



http://www.securityfocus.com/bid/107208 Third Party Advisory, VDB Entry



CVE Modified by MITRE 3/02/2019 6:29:04 AM Action Type Old Value New Value Added Reference http://www.securityfocus.com/bid/107208 [No Types Assigned]



Initial Analysis 2/27/2019 9:3:14 AM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:etsi:enterprise_transport_security:-:*:*:*:*:*:*:*



Added CVSS V2 (AV:N/AC:M/Au:N/C:P/I:N/A:N)



Added CVSS V3 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N



Added CWE CWE-310



Changed Reference Type https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it No Types Assigned



https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it Third Party Advisory



Quick Info CVE Dictionary Entry:

CVE-2019-9191

NVD Published Date:

02/26/2019

NVD Last Modified:

03/04/2019

Source:

MITRE

