{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T05:10:19.030","vulnerabilities":[{"cve":{"id":"CVE-2019-11497","sourceIdentifier":"cve@mitre.org","published":"2019-09-10T18:15:12.633","lastModified":"2024-11-21T04:21:12.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate."},{"lang":"es","value":"En Couchbase Server versión 5.0.0, cuando se ingresó un Certificado de clúster remoto no válido como parte de la creación de referencia, XDCR no analizó ni verificó la firma del certificado. Luego aceptó el certificado no válido e intentó usarlo para establecer conexiones futuras al clúster remoto. Esto se ha solucionado en la versión 5.5.0. XDCR ahora verifica la validez del certificado a fondo y evita que se cree una referencia de clúster remoto con un certificado no válido."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:couchbase:couchbase_server:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2008B5F0-AE95-4F6D-89AD-451B7E2A0341"}]}]}],"references":[{"url":"https://www.couchbase.com/resources/security#SecurityAlerts","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.couchbase.com/resources/security#SecurityAlerts","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}