CWE-294
AllowedAuthentication Bypass by Capture-replay
Abstraction: Base · Status: Incomplete
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
342 vulnerabilities reference this CWE, most recent first.
CVE-2024-8260 (GCVE-0-2024-8260)
Vulnerability from cvelistv5 – Published: 2024-08-30 12:22 – Updated: 2024-08-30 13:17- CWE-294 - Authentication Bypass by Capture-replay
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T13:17:12.000729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T13:17:20.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/open-policy-agent/opa",
"defaultStatus": "unaffected",
"product": "OPA",
"vendor": "Styra",
"versions": [
{
"lessThan": "v0.68.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library\u2019s functions."
}
],
"value": "A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library\u2019s functions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T12:22:45.964Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2024-36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OPA SMB Force-Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2024-8260",
"datePublished": "2024-08-30T12:22:45.964Z",
"dateReserved": "2024-08-28T12:18:55.569Z",
"dateUpdated": "2024-08-30T13:17:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5249 (GCVE-0-2024-5249)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:23 – Updated: 2025-01-09 19:23- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:49:40.520963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:23:49.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI Platform \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2024.1.0, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSAML tokens can be replayed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:32:20.470Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML Replay in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5249",
"datePublished": "2024-07-30T18:23:29.074Z",
"dateReserved": "2024-05-22T21:47:47.618Z",
"dateUpdated": "2025-01-09T19:23:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3982 (GCVE-0-2024-3982)
Vulnerability from cvelistv5 – Published: 2024-08-27 12:47 – Updated: 2024-08-27 17:52- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | MicroSCADA SYS600 |
Affected:
10.0 , ≤ 10.5
(custom)
|
|
| hitachi | microscada_x_sys600 |
Affected:
10.0 , ≤ 10.5
(custom)
cpe:2.3:a:hitachi:microscada_x_sys600:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:microscada_x_sys600:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "microscada_x_sys600",
"vendor": "hitachi",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T17:49:48.661304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T17:52:18.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with local access to machine where MicroSCADA X\nSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level\nis not enabled and only users with administrator rights can enable it."
}
],
"value": "An attacker with local access to machine where MicroSCADA X\nSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level\nis not enabled and only users with administrator rights can enable it."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T12:47:21.577Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-3982",
"datePublished": "2024-08-27T12:47:21.577Z",
"dateReserved": "2024-04-19T12:47:07.829Z",
"dateUpdated": "2024-08-27T17:52:18.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50786 (GCVE-0-2023-50786)
Vulnerability from cvelistv5 – Published: 2025-07-05 00:00 – Updated: 2025-07-07 18:35- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| dradisframework | Dradis |
Affected:
0 , ≤ 4.16.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T18:33:29.665087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T18:35:07.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dradis",
"vendor": "dradisframework",
"versions": [
{
"lessThanOrEqual": "4.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-05T03:06:38.089Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://dradis.com/"
},
{
"url": "https://dradis.com/ce"
},
{
"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50786",
"datePublished": "2025-07-05T00:00:00.000Z",
"dateReserved": "2023-12-14T00:00:00.000Z",
"dateUpdated": "2025-07-07T18:35:07.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45794 (GCVE-0-2023-45794)
Vulnerability from cvelistv5 – Published: 2023-11-14 11:04 – Updated: 2025-12-16 18:23- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix Applications using Mendix 10 |
Affected:
All versions < V10.4.0
|
|
| Siemens | Mendix Applications using Mendix 7 |
Affected:
All versions < V7.23.37
|
|
| Siemens | Mendix Applications using Mendix 8 |
Affected:
All versions < V8.18.27
|
|
| Siemens | Mendix Applications using Mendix 9 |
Affected:
All versions < V9.24.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-18T05:00:40.318879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:18.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix Applications using Mendix 10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V10.4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Applications using Mendix 7",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.23.37"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Applications using Mendix 8",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.18.27"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Applications using Mendix 9",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.24.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions \u003c V10.4.0), Mendix Applications using Mendix 7 (All versions \u003c V7.23.37), Mendix Applications using Mendix 8 (All versions \u003c V8.18.27), Mendix Applications using Mendix 9 (All versions \u003c V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app\u0027s model and access control design.\r\n\r\nThis could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T11:04:16.602Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-45794",
"datePublished": "2023-11-14T11:04:16.602Z",
"dateReserved": "2023-10-12T17:15:59.195Z",
"dateUpdated": "2025-12-16T18:23:18.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41890 (GCVE-0-2023-41890)
Vulnerability from cvelistv5 – Published: 2023-09-19 14:38 – Updated: 2024-10-15 18:32| URL | Tags |
|---|---|
| https://github.com/Sustainsys/Saml2/security/advi… | x_refsource_CONFIRM |
| https://github.com/Sustainsys/Saml2/issues/712 | x_refsource_MISC |
| https://github.com/Sustainsys/Saml2/issues/713 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Sustainsys | Saml2 |
Affected:
< 1.0.3
Affected: >= 2.0.0, < 2.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39"
},
{
"name": "https://github.com/Sustainsys/Saml2/issues/712",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Sustainsys/Saml2/issues/712"
},
{
"name": "https://github.com/Sustainsys/Saml2/issues/713",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Sustainsys/Saml2/issues/713"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:28:58.427263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:32:14.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Saml2",
"vendor": "Sustainsys",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. \nPrior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-289",
"description": "CWE-289: Authentication Bypass by Alternate Name",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T14:38:55.861Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39"
},
{
"name": "https://github.com/Sustainsys/Saml2/issues/712",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Sustainsys/Saml2/issues/712"
},
{
"name": "https://github.com/Sustainsys/Saml2/issues/713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Sustainsys/Saml2/issues/713"
}
],
"source": {
"advisory": "GHSA-fv2h-753j-9g39",
"discovery": "UNKNOWN"
},
"title": "Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41890",
"datePublished": "2023-09-19T14:38:55.861Z",
"dateReserved": "2023-09-04T16:31:48.225Z",
"dateUpdated": "2024-10-15T18:32:14.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39547 (GCVE-0-2023-39547)
Vulnerability from cvelistv5 – Published: 2023-11-17 05:31 – Updated: 2024-12-02 18:52- CWE-294 - Authentication bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
|
| NEC Corporation | CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:25:13.395504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T18:52:58.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:50:37.452Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39547",
"datePublished": "2023-11-17T05:31:27.701Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-12-02T18:52:58.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39373 (GCVE-0-2023-39373)
Vulnerability from cvelistv5 – Published: 2023-09-03 14:45 – Updated: 2024-09-27 15:37- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| Hyundai | model (2017) |
Unknown:
model (2017) , < model (2018)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T14:35:00.620958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:37:25.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "model (2017)",
"vendor": " Hyundai",
"versions": [
{
"lessThan": "model (2018)",
"status": "unknown",
"version": "model (2017)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osher Assor"
}
],
"datePublic": "2023-09-03T13:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n\u00a0A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T14:45:13.160Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"source": {
"advisory": "ILVN-2023-0130",
"discovery": "UNKNOWN"
},
"title": " Hyundai car CWE-294: Authentication Bypass by Capture-replay ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2023-39373",
"datePublished": "2023-09-03T14:45:13.160Z",
"dateReserved": "2023-07-30T10:41:13.579Z",
"dateUpdated": "2024-09-27T15:37:25.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36857 (GCVE-0-2023-36857)
Vulnerability from cvelistv5 – Published: 2023-10-18 23:27 – Updated: 2025-01-16 21:29- CWE-294 - Authentication Bypass by Capture-replay
| Vendor | Product | Version | |
|---|---|---|---|
| Baker Hughes - Bently Nevada | Bently Nevada 3500 System |
Affected:
5.05
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:59.973503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:29:13.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Bently Nevada 3500 System",
"vendor": "Baker Hughes - Bently Nevada",
"versions": [
{
"status": "affected",
"version": "5.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks"
}
],
"datePublic": "2023-09-26T14:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\u003c/span\u003e\n\n contains\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea replay vulnerability which could allow an attacker to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereplay older captured packets of traffic to the device to gain access.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\nBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains\u00a0a replay vulnerability which could allow an attacker to \n\n\n\nreplay older captured packets of traffic to the device to gain access.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T23:27:31.794Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05"
}
],
"source": {
"advisory": "ICSA-23-269-05",
"discovery": "EXTERNAL"
},
"title": "Baker Hughes Bently Nevada 3500 System Authentication Bypass by Capture-replay",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nBaker Hughes \u2013 Bently Nevada recommends that users follow their \nhardening guidelines to reduce the risk of exploitation. Customers who \nhave registered for access to Baker Hughes DAM may directly access the \nhardening guideline at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08\"\u003ehttps://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003cp\u003eFor customers that do not have access to Baker Hughes DAM may send an email to \u003ca target=\"_blank\" rel=\"nofollow\"\u003ebentlysupport@bakerhughes.com\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;to request document 106M9733.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Baker Hughes \u2013 Bently Nevada recommends that users follow their \nhardening guidelines to reduce the risk of exploitation. Customers who \nhave registered for access to Baker Hughes DAM may directly access the \nhardening guideline at https://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08 https://dam.bakerhughes.com/media/ .For customers that do not have access to Baker Hughes DAM may send an email to bentlysupport@bakerhughes.com\u00a0to request document 106M9733.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36857",
"datePublished": "2023-10-18T23:27:31.794Z",
"dateReserved": "2023-07-21T16:52:22.735Z",
"dateUpdated": "2025-01-16T21:29:13.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33854 (GCVE-0-2023-33854)
Vulnerability from cvelistv5 – Published: 2026-06-22 14:31 – Updated: 2026-06-23 13:43- CWE-294 - Authentication Bypass by Capture-replay
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7277112 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data |
Affected:
4.8.0 , ≤ 1.8.4
(semver)
Affected: 5.0.0 , ≤ 5.3.0 (semver) cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T13:41:25.316058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T13:43:26.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:*:*:*:*:*:*:*"
],
"product": "Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.8.4",
"status": "affected",
"version": "4.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.0",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.\u003c/p\u003e"
}
],
"value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:31:21.168Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7277112"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixed in Fix Pack\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInstructions\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev5.4\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eDb2 Warehouse:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading\u003c/a\u003e\u003c/p\u003e\u003cp\u003eDb2:\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.\n\nProductFixed in Fix Pack\n\nInstructions\n\nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data\n\nv5.4\n\n\n\nDb2 Warehouse:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgrading \n\n\n\nDb2:\u00a0 https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading"
}
],
"title": "Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-33854",
"datePublished": "2026-06-22T14:31:21.168Z",
"dateReserved": "2023-05-23T00:32:05.085Z",
"dateUpdated": "2026-06-23T13:43:26.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once.
Mitigation
Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-701: Browser in the Middle (BiTM)
An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.