{"api_version":"1","generated_at":"2026-04-23T10:19:07+00:00","cve":"CVE-2019-15137","urls":{"html":"https://cve.report/CVE-2019-15137","api":"https://cve.report/api/cve/CVE-2019-15137.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-15137","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-15137"},"summary":{"title":"CVE-2019-15137","description":"The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-08-18 16:15:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://arxiv.org/abs/1908.05310","name":"https://arxiv.org/abs/1908.05310","refsource":"MISC","tags":["Third Party Advisory"],"title":"[1908.05310] Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/eProsima/Fast-RTPS/issues/441","name":"https://github.com/eProsima/Fast-RTPS/issues/441","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Misuse of fnmatch used by DDS Security Access Control [5346] · Issue #441 · eProsima/Fast-DDS · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-15137","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15137","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"15137","vulnerable":"1","versionEndIncluding":"1.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eprosima","cpe5":"fast-rtps","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-15137","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://arxiv.org/abs/1908.05310","refsource":"MISC","name":"https://arxiv.org/abs/1908.05310"},{"url":"https://github.com/eProsima/Fast-RTPS/issues/441","refsource":"MISC","name":"https://github.com/eProsima/Fast-RTPS/issues/441"}]}},"nvd":{"publishedDate":"2019-08-18 16:15:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eprosima:fast-rtps:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"15137","Ordinal":"154499","Title":"CVE-2019-15137","CVE":"CVE-2019-15137","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"15137","Ordinal":"1","NoteData":"The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"15137","Ordinal":"2","NoteData":"2019-08-18","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"15137","Ordinal":"3","NoteData":"2019-08-18","Type":"Other","Title":"Modified"}]}}}