Common Weakness Enumeration

CWE-477

Allowed

Use of Obsolete Function

Abstraction: Base · Status: Draft

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

28 vulnerabilities reference this CWE, most recent first.

GHSA-F5JF-FFMH-7GFQ

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "HIGH"
  },
  "details": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
  "id": "GHSA-f5jf-ffmh-7gfq",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49214"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-371"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H576-R27X-2CJG

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.",
  "id": "GHSA-h576-r27x-2cjg",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49213"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-370"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J4PP-RP58-2QHJ

Vulnerability from github – Published: 2023-04-20 00:30 – Updated: 2024-04-04 03:36
VLAI
Details

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-477"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T23:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number \u003e2311xxxx have the Telnet interface disabled by factory default.",
  "id": "GHSA-j4pp-rp58-2qhj",
  "modified": "2024-04-04T03:36:30Z",
  "published": "2023-04-20T00:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23451"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP4Q-GCM4-WW9C

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49212"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:38Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.",
  "id": "GHSA-mp4q-gcm4-ww9c",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49212"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QH4C-Q793-RVMW

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.",
  "id": "GHSA-qh4c-q793-rvmw",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49217"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-374"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VMW3-XQX8-H247

Vulnerability from github – Published: 2025-06-17 18:31 – Updated: 2025-06-17 18:31
VLAI
Details

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T18:15:27Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.",
  "id": "GHSA-vmw3-xqx8-h247",
  "modified": "2025-06-17T18:31:37Z",
  "published": "2025-06-17T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49220"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-367"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRFJ-H54J-3H3Q

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:52
VLAI
Details

In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-04T14:15:00Z",
    "severity": "LOW"
  },
  "details": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.",
  "id": "GHSA-wrfj-h54j-3h3q",
  "modified": "2024-04-04T01:52:51Z",
  "published": "2022-05-24T16:55:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10988"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFCV-JHFX-64PP

Vulnerability from github – Published: 2025-06-17 18:31 – Updated: 2025-06-17 18:31
VLAI
Details

An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-477",
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T18:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.",
  "id": "GHSA-xfcv-jhfx-64pp",
  "modified": "2025-06-17T18:31:37Z",
  "published": "2025-06-17T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49219"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-366"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.

Mitigation
Requirements

Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

No CAPEC attack patterns related to this CWE.