CVE-2019-15135 Information

Description

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session) which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://arxiv.org/abs/1908.05310 https://www.omg.org/spec/DDS-SECURITY/1.1/PDF

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5