Common Weakness Enumeration

CWE-1103

Prohibited

Use of Platform-Dependent Third Party Components

Abstraction: Base · Status: Incomplete

The product relies on third-party components that do not provide equivalent functionality across all desirable platforms.

3 vulnerabilities reference this CWE, most recent first.

CVE-2023-1160 (GCVE-0-2023-1160)

Vulnerability from cvelistv5 – Published: 2023-03-03 00:00 – Updated: 2025-03-07 21:42
VLAI
Title
Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit
Summary
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1103 - Use of Platform-Dependent Third Party Components
Assigner
Impacted products
Vendor Product Version
cockpit-hq cockpit-hq/cockpit Affected: unspecified , < 2.4.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:58.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1160",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T21:42:30.764587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T21:42:46.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cockpit-hq/cockpit",
          "vendor": "cockpit-hq",
          "versions": [
            {
              "lessThan": "2.4.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1103",
              "description": "CWE-1103 Use of Platform-Dependent Third Party Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
        },
        {
          "url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
        }
      ],
      "source": {
        "advisory": "3ce480dc-1b1c-4230-9287-0dc3b31c2f87",
        "discovery": "EXTERNAL"
      },
      "title": "Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1160",
    "datePublished": "2023-03-03T00:00:00.000Z",
    "dateReserved": "2023-03-03T00:00:00.000Z",
    "dateUpdated": "2025-03-07T21:42:46.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7512 (GCVE-0-2020-7512)

Vulnerability from cvelistv5 – Published: 2020-06-16 19:45 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.
Severity
No CVSS data available.
CWE
  • CWE-1103 - Use of Platform-Dependent Third Party Components
Assigner
References
Impacted products
Vendor Product Version
n/a Easergy T300 (Firmware version 1.5.2 and older) Affected: Easergy T300 (Firmware version 1.5.2 and older)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Easergy T300 (Firmware version 1.5.2 and older)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Easergy T300 (Firmware version 1.5.2 and older)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1103",
              "description": "CWE-1103: Use of Platform-Dependent Third Party Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:45:22.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1103: Use of Platform-Dependent Third Party Components"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7512",
    "datePublished": "2020-06-16T19:45:22.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-P8CQ-PV6W-6RWX

Vulnerability from github – Published: 2023-03-03 03:30 – Updated: 2023-03-14 19:39
VLAI
Summary
Cockpit Uses Platform-Dependent Third Party Components
Details

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "cockpit-hq/cockpit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-1160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1103"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-03T23:00:46Z",
    "nvd_published_at": "2023-03-03T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0.",
  "id": "GHSA-p8cq-pv6w-6rwx",
  "modified": "2023-03-14T19:39:24Z",
  "published": "2023-03-03T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1160"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cockpit-hq/cockpit"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cockpit Uses Platform-Dependent Third Party Components"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.