CVE-2019-13163

high-risk

Published 2020-02-07

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Gp7000F Firmware

Primepower Firmware

Gps Firmware

Sparc Enterprise M3000 Firmware

Sparc Enterprise M4000 Firmware

Sparc Enterprise M5000 Firmware

Sparc Enterprise M8000 Firmware

Sparc Enterprise M9000 Firmware

Sparc M12-1 Firmware

Sparc M12-2 Firmware

Sparc M12-2S Firmware

Primergy Rx2530 M5 Firmware

Primergy Rx2540 M5 Firmware

Primergy Rx4770 M5 Firmware

Primergy Tx2550 M5 Firmware

Granpower 5000 Firmware

Celsius Firmware

Primequest Firmware

Interstage Application Development Cycle Manager

Affected Vendors

Fujitsu

References (2)

Vendor Advisory https://www.fujitsu.com/jp/products/software/resources/condition/security/produc...

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical