{"vuid":"VU#873161","idnumber":"873161","name":"Telos Automated Message Handling System contains multiple vulnerabilities","keywords":["cross-site scripting"],"overview":"Telos Automated Message Handling System (AMHS) contains multiple XSS vulnerabilities and a database information disclosure vulnerability.","clean_desc":"Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community (IC) security marking requirements. AMHS versions prior to version 4.1.5.5 contain multiple XSS vulnerabilities and also fail to properly restrict access to information about other users on the system.","impact":"By creating a specially-crafted AMHS URI, an attacker may be able to inject arbitrary JavaScript into an AMHS session or access information about other AMHS users.","resolution":"Apply an update. These issues are addressed in AMHS version 4.1.5.5. Please contact Telos for update availability.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Will Dormann.","public":["https://www.telos.com/enterprise/organizational-messaging/","https://www.telos.com/enterprise/organizational-messaging/support/"],"cveids":["CVE-2019-9537","CVE-2019-9538","CVE-2019-9539","CVE-2019-9540","CVE-2019-9541","CVE-2019-9542"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2019-10-21T20:09:05Z","publicdate":"2019-12-19T00:00:00Z","datefirstpublished":"2019-12-19T20:39:41Z","dateupdated":"2019-12-19T20:39:42Z","revision":15,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.4","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","cvss_temporalscore":"5","cvss_environmentalscore":"3.7718594822475","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}