{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T02:54:43.494","vulnerabilities":[{"cve":{"id":"CVE-2019-0202","sourceIdentifier":"security@apache.org","published":"2019-07-26T00:15:11.027","lastModified":"2024-11-21T04:16:28.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints."},{"lang":"es","value":"El demonio de Apache Storm Logviewer expone los endpoints accesibles de HTTP para leer y buscar archivos de registro en hosts que ejecutan Storm. En las versiones 0.9.1-incubating hasta 1.2.2 de Apache Storm, es posible leer archivos del sistema de archivos del host que no estaban destinados a ser accesibles por medio de estos endpoints."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.3","versionEndIncluding":"1.2.2","matchCriteriaId":"F42204EB-4F77-45CE-82AA-55167E07F25B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:storm:0.9.1:incubating:*:*:*:*:*:*","matchCriteriaId":"2FA6B847-56A1-4875-B831-00D927691FDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:storm:0.9.2:incubating:*:*:*:*:*:*","matchCriteriaId":"9EA5AA13-CA46-4AB0-919C-929201F2857B"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}