Common Weakness Enumeration
CWE-1103
ProhibitedUse of Platform-Dependent Third Party Components
Abstraction: Base · Status: Incomplete
The product relies on third-party components that do not provide equivalent functionality across all desirable platforms.
3 vulnerabilities reference this CWE, most recent first.
CVE-2023-1160 (GCVE-0-2023-1160)
Vulnerability from cvelistv5 – Published: 2023-03-03 00:00 – Updated: 2025-03-07 21:42
VLAI
EPSS
VEX
Title
Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit
Summary
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
Severity
4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1103 - Use of Platform-Dependent Third Party Components
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Affected:
unspecified , < 2.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:42:30.764587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:42:46.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1103",
"description": "CWE-1103 Use of Platform-Dependent Third Party Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
}
],
"source": {
"advisory": "3ce480dc-1b1c-4230-9287-0dc3b31c2f87",
"discovery": "EXTERNAL"
},
"title": "Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1160",
"datePublished": "2023-03-03T00:00:00.000Z",
"dateReserved": "2023-03-03T00:00:00.000Z",
"dateUpdated": "2025-03-07T21:42:46.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7512 (GCVE-0-2020-7512)
Vulnerability from cvelistv5 – Published: 2020-06-16 19:45 – Updated: 2024-08-04 09:33
VLAI
EPSS
VEX
Summary
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.
Severity
No CVSS data available.
CWE
- CWE-1103 - Use of Platform-Dependent Third Party Components
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Affected:
Easergy T300 (Firmware version 1.5.2 and older)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1103",
"description": "CWE-1103: Use of Platform-Dependent Third Party Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:45:22.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1103: Use of Platform-Dependent Third Party Components"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7512",
"datePublished": "2020-06-16T19:45:22.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-P8CQ-PV6W-6RWX
Vulnerability from github – Published: 2023-03-03 03:30 – Updated: 2023-03-14 19:39
VLAI
Summary
Cockpit Uses Platform-Dependent Third Party Components
Details
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0.
Severity
5.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "cockpit-hq/cockpit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1160"
],
"database_specific": {
"cwe_ids": [
"CWE-1103"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-03T23:00:46Z",
"nvd_published_at": "2023-03-03T02:15:00Z",
"severity": "MODERATE"
},
"details": "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0.",
"id": "GHSA-p8cq-pv6w-6rwx",
"modified": "2023-03-14T19:39:24Z",
"published": "2023-03-03T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1160"
},
{
"type": "WEB",
"url": "https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8"
},
{
"type": "PACKAGE",
"url": "https://github.com/cockpit-hq/cockpit"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cockpit Uses Platform-Dependent Third Party Components"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.