Common Weakness Enumeration

CWE-356

Allowed

Product UI does not Warn User of Unsafe Actions

Abstraction: Base · Status: Incomplete

The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.

48 vulnerabilities reference this CWE, most recent first.

CVE-2025-14403 (GCVE-0-2025-14403)

Vulnerability from cvelistv5 – Published: 2025-12-23 21:21 – Updated: 2025-12-30 21:19
VLAI
Title
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability
Summary
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
zdi
References
Impacted products
Vendor Product Version
PDFsam Enhanced Affected: 7.0.76.15222
Create a notification for this product.
Date Public
2025-12-11 20:58
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T21:19:10.197545Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T21:19:16.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Enhanced",
          "vendor": "PDFsam",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.76.15222"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-10T01:37:16.913Z",
      "datePublic": "2025-12-11T20:58:41.335Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T21:21:15.464Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-1091",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1091/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-14403",
    "datePublished": "2025-12-23T21:21:15.464Z",
    "dateReserved": "2025-12-10T01:37:16.892Z",
    "dateUpdated": "2025-12-30T21:19:16.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14402 (GCVE-0-2025-14402)

Vulnerability from cvelistv5 – Published: 2025-12-23 21:21 – Updated: 2025-12-30 21:17
VLAI
Title
PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability
Summary
PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOC files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27499.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
zdi
References
Impacted products
Vendor Product Version
PDFsam Enhanced Affected: 7.0.76.15222
Create a notification for this product.
Date Public
2025-12-11 20:58
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14402",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T21:17:40.267233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T21:17:50.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Enhanced",
          "vendor": "PDFsam",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.76.15222"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-10T01:37:13.594Z",
      "datePublic": "2025-12-11T20:58:35.480Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of DOC files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27499."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T21:21:10.806Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-1090",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1090/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-14402",
    "datePublished": "2025-12-23T21:21:10.806Z",
    "dateReserved": "2025-12-10T01:37:13.574Z",
    "dateUpdated": "2025-12-30T21:17:50.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3839 (GCVE-0-2025-3839)

Vulnerability from cvelistv5 – Published: 2026-01-23 03:55 – Updated: 2026-01-23 18:54
VLAI
Title
Epiphany: insecure external protocol invocation in epiphany
Summary
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2025-3839 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2361430 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 47.5 (semver)
Affected: 48.0 , < 48.1 (semver)
Date Public
2025-04-21 00:00
Credits
Red Hat would like to thank Michael Catanzaro for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-23T18:54:33.993555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-23T18:54:44.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/epiphany",
          "defaultStatus": "unaffected",
          "packageName": "epiphany",
          "versions": [
            {
              "lessThan": "47.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "48.1",
              "status": "affected",
              "version": "48.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Michael Catanzaro for reporting this issue."
        }
      ],
      "datePublic": "2025-04-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T03:55:58.802Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3839"
        },
        {
          "name": "RHBZ#2361430",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361430"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-21T09:24:32.281Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-21T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Epiphany: insecure external protocol invocation in epiphany",
      "x_redhatCweChain": "CWE-356: Product UI does not Warn User of Unsafe Actions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2025-3839",
    "datePublished": "2026-01-23T03:55:58.802Z",
    "dateReserved": "2025-04-21T09:25:27.628Z",
    "dateUpdated": "2026-01-23T18:54:44.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2450 (GCVE-0-2025-2450)

Vulnerability from cvelistv5 – Published: 2025-03-18 13:18 – Updated: 2025-03-18 13:53
VLAI
Title
NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability
Summary
NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
zdi
References
Impacted products
Vendor Product Version
NI Vision Builder AI Affected: 2023 Q3
Create a notification for this product.
Date Public
2025-03-17 20:34
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2450",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T13:53:43.415243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T13:53:50.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Vision Builder AI",
          "vendor": "NI",
          "versions": [
            {
              "status": "affected",
              "version": "2023 Q3"
            }
          ]
        }
      ],
      "dateAssigned": "2025-03-17T16:50:55.018Z",
      "datePublic": "2025-03-17T20:34:30.786Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-18T13:18:12.908Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-147",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-147/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-2450",
    "datePublished": "2025-03-18T13:18:12.908Z",
    "dateReserved": "2025-03-17T16:50:54.949Z",
    "dateUpdated": "2025-03-18T13:53:50.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30057 (GCVE-0-2024-30057)

Vulnerability from cvelistv5 – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
VLAI
Title
Microsoft Edge for iOS Spoofing Vulnerability
Summary
Microsoft Edge for iOS Spoofing Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 126.0.2592.56 (custom)
Create a notification for this product.
Date Public
2024-06-13 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T18:20:31.602770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T18:20:37.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:02.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge for iOS Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge for iOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "126.0.2592.56",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                  "versionEndExcluding": "126.0.2592.56",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-06-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-17T22:23:48.293Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge for iOS Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
        }
      ],
      "title": "Microsoft Edge for iOS Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-30057",
    "datePublished": "2024-06-13T19:24:38.694Z",
    "dateReserved": "2024-03-22T23:12:14.564Z",
    "dateUpdated": "2025-12-17T22:23:48.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4187 (GCVE-0-2024-4187)

Vulnerability from cvelistv5 – Published: 2024-07-31 20:28 – Updated: 2024-08-12 13:49
VLAI
Title
Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.
Summary
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
Impacted products
Vendor Product Version
OpenText™ Filr Affected: 24.1.1
Affected: 24.2
Create a notification for this product.
Credits
Dmytro Pravytskyi - AWARE7 GmbH
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:37:29.536130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:37:48.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Filr",
          "vendor": "OpenText\u2122",
          "versions": [
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "24.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmytro Pravytskyi - AWARE7 GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\u003c/span\u003e"
            }
          ],
          "value": "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:P/AU:N/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-12T13:49:42.081Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://portal.microfocus.com/s/article/KM000032291"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000032291\"\u003ehttps://portal.microfocus.com/s/article/KM000032291\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "https://portal.microfocus.com/s/article/KM000032291"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr. The vulnerability could cause users to not be warned when clicking links to external sites.",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2024-4187",
    "datePublished": "2024-07-31T20:28:22.578Z",
    "dateReserved": "2024-04-25T14:38:55.973Z",
    "dateUpdated": "2024-08-12T13:49:42.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3044 (GCVE-0-2024-3044)

Vulnerability from cvelistv5 – Published: 2024-05-14 20:19 – Updated: 2024-11-12 20:14
VLAI
Title
Graphic on-click binding allows unchecked script execution
Summary
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
The Document Foundation LibreOffice Affected: 7.6 , < 7.6.7 (7.6 series)
Affected: 24.2 , < 24.2.3 (24.2 series)
Create a notification for this product.
Credits
Thanks to Amel Bouziane-Leblond for for finding and reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T18:55:50.828860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:14:27.961Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LibreOffice",
          "vendor": "The Document Foundation",
          "versions": [
            {
              "lessThan": "7.6.7",
              "status": "affected",
              "version": "7.6",
              "versionType": "7.6 series"
            },
            {
              "lessThan": "24.2.3",
              "status": "affected",
              "version": "24.2",
              "versionType": "24.2 series"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Amel Bouziane-Leblond for for finding and reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\u003cbr\u003e"
            }
          ],
          "value": "Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-160",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-160 Exploit Script-Based APIs"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356 Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-20T10:09:29.430Z",
        "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
        "shortName": "Document Fdn."
      },
      "references": [
        {
          "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Graphic on-click binding allows unchecked script execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
    "assignerShortName": "Document Fdn.",
    "cveId": "CVE-2024-3044",
    "datePublished": "2024-05-14T20:19:51.426Z",
    "dateReserved": "2024-03-28T15:28:21.866Z",
    "dateUpdated": "2024-11-12T20:14:27.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39362 (GCVE-0-2022-39362)

Vulnerability from cvelistv5 – Published: 2022-10-26 00:00 – Updated: 2025-04-23 16:42
VLAI
Title
Metabase vulnerable to arbitrary SQL execution from queryhash
Summary
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
Impacted products
Vendor Product Version
metabase metabase Affected: < 0.41.9
Affected: >= 0.42.0, < 0.42.6
Affected: >= 0.43.0, < 0.43.7
Affected: >= 0.44.0, < 0.44.5
Affected: >= 1.0.0, < 1.41.9
Affected: >= 1.42.0, < 1.42.6
Affected: >= 1.43.0, < 1.43.7
Affected: >= 1.44.0, < 1.44.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/metabase/metabase/commit/b7c6bb905a9187347cfc9035443b514713027a5c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39362",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:47:19.634079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:42:26.901Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "metabase",
          "vendor": "metabase",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.41.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.42.0, \u003c 0.42.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.43.0, \u003c 0.43.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.44.0, \u003c 0.44.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.41.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.42.0, \u003c 1.42.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.43.0, \u003c 1.43.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.44.0, \u003c 1.44.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-26T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238"
        },
        {
          "url": "https://github.com/metabase/metabase/commit/b7c6bb905a9187347cfc9035443b514713027a5c"
        }
      ],
      "source": {
        "advisory": "GHSA-93wj-fgjg-r238",
        "discovery": "UNKNOWN"
      },
      "title": "Metabase vulnerable to arbitrary SQL execution from queryhash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39362",
    "datePublished": "2022-10-26T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:42:26.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36970 (GCVE-0-2022-36970)

Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 20:01
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
zdi
Impacted products
Vendor Product Version
AVEVA Edge Affected: 20.0 Build: 4201.2111.1802.0000 Service Pack 2
Create a notification for this product.
Credits
Aaron Ferber
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1129/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-36970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T20:00:58.067630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T20:01:03.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Edge",
          "vendor": "AVEVA",
          "versions": [
            {
              "status": "affected",
              "version": "20.0 Build: 4201.2111.1802.0000 Service Pack 2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Aaron Ferber"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T00:00:00.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1129/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2022-36970",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-07-27T00:00:00.000Z",
    "dateUpdated": "2025-02-18T20:01:03.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-35873 (GCVE-0-2022-35873)

Vulnerability from cvelistv5 – Published: 2022-07-25 18:17 – Updated: 2024-08-03 09:44
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.
CWE
  • CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
zdi
References
Impacted products
Vendor Product Version
Inductive Automation Ignition Affected: 8.1.15 (b2022030114)
Create a notification for this product.
Credits
20urdjk
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ignition",
          "vendor": "Inductive Automation",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.15 (b2022030114)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "20urdjk"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T18:17:01.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2022-35873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ignition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.15 (b2022030114)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Inductive Automation"
              }
            ]
          }
        },
        "credit": "20urdjk",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-356: Product UI does not Warn User of Unsafe Actions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
              "refsource": "MISC",
              "url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2022-35873",
    "datePublished": "2022-07-25T18:17:01.000Z",
    "dateReserved": "2022-07-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T09:44:22.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.