CVE-2019-15493
CVE-2019-15493 is a high-severity vulnerability in It-novum Openitcockpit with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 6.4
- EPSS exploit prediction: 1% (64th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: It-novum Openitcockpit
- Published:
- Last modified:
Description
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
Frequently asked questions
- What is CVE-2019-15493?
- openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
- How severe is CVE-2019-15493?
- CVE-2019-15493 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2019-15493 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (64th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-15493?
- CVE-2019-15493 affects It-novum Openitcockpit. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2019-15493?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2019-15493 published?
- CVE-2019-15493 was published on 2019-08-23 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*
More vulnerabilities in It-novum Openitcockpit
- CVE-2020-10789 — Critical (CVSS 9.8): openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell…
- CVE-2019-15494 — Critical (CVSS 9.8): openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
- CVE-2019-15490 — Critical (CVSS 9.8): openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
- CVE-2020-10788 — Critical (CVSS 9.1): openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random…
- CVE-2026-24893 — High (CVSS 8.8): openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition…
- CVE-2023-36663 — High (CVSS 8.8): it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the…