CWE-552
AllowedFiles or Directories Accessible to External Parties
Abstraction: Base · Status: Draft
The product makes files or directories accessible to unauthorized actors, even though they should not be.
670 vulnerabilities reference this CWE, most recent first.
CVE-2024-7729 (GCVE-0-2024-7729)
Vulnerability from cvelistv5 – Published: 2024-08-14 03:52 – Updated: 2024-08-16 15:46- CWE-552 - Files or Directories Accessible to External Parties
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html | third-party-advisory |
| https://resource1.cayintech.com/patch/ | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-2100 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | CMS-20 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-60 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(18.04) |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(22.04) |
Affected:
11.0
|
|
| CAYIN Technology | SMP-8100 |
Affected:
4.0
|
|
| CAYIN Technology | SMP-2400 |
Affected:
4.0
|
|
| cayintech | smp-2100 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:* |
|
| cayintech | smp-6000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000qd |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:* |
|
| cayintech | cms-20 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-60 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(18.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(18.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(22.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(22.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8100 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2400 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2200",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2210",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2300",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2310",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-6000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000qd",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-20",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-60",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(18.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(22.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2400",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:25:14.308294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:19.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-20",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-60",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(18.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(22.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2400",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"datePublic": "2024-08-14T03:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T03:52:43.673Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"
},
{
"tags": [
"patch"
],
"url": "https://resource1.cayintech.com/patch/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24012 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2100 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-6000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000QD v3.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24006 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-20 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-60 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(18.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24007 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(22.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24008 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8100 v4.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24009 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2400 v4.0\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Install patch P24012 or later for following versions\uff1a\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions\uff1a\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions\uff1a\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions\uff1a\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions\uff1a\nSMP-2400 v4.0"
}
],
"source": {
"advisory": "TVN-202408004",
"discovery": "EXTERNAL"
},
"title": "CAYIN Technology CMS - Sensitive File Download",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7729",
"datePublished": "2024-08-14T03:52:43.673Z",
"dateReserved": "2024-08-13T06:08:30.865Z",
"dateUpdated": "2024-08-16T15:46:19.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7107 (GCVE-0-2024-7107)
Vulnerability from cvelistv5 – Published: 2024-09-26 12:02 – Updated: 2026-06-03 11:36- CWE-552 - Files or Directories Accessible to External Parties
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1549 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| National Keep Cyber Security Services | CyberMath |
Affected:
0 , < CYBM.240816253
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T12:59:23.837947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T12:59:32.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CyberMath",
"vendor": "National Keep Cyber Security Services",
"versions": [
{
"lessThan": "CYBM.240816253",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serhat YAPICI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects CyberMath: before CYBM.240816253.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.\n\nThis issue affects CyberMath: before CYBM.240816253."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T11:36:41.140Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1549"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1549"
}
],
"source": {
"advisory": "TR-24-1549",
"defect": [
"TR-24-1549"
],
"discovery": "UNKNOWN"
},
"title": "Directory Traversal in National Keep\u0027s CyberMath",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-7107",
"datePublished": "2024-09-26T12:02:41.541Z",
"dateReserved": "2024-07-25T13:01:03.362Z",
"dateUpdated": "2026-06-03T11:36:41.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6911 (GCVE-0-2024-6911)
Vulnerability from cvelistv5 – Published: 2024-07-22 20:44 – Updated: 2025-02-13 17:58- CWE-552 - Files or Directories Accessible to External Parties
| URL | Tags |
|---|---|
| https://cyberdanube.com/en/en-multiple-vulnerabil… | third-party-advisory |
| http://seclists.org/fulldisclosure/2024/Jul/13 |
| Vendor | Product | Version | |
|---|---|---|---|
| PerkinElmer | ProcessPlus |
Affected:
0 , ≤ 1.11.6507.0
(custom)
|
|
| perkin_elmer | process_plus |
Affected:
0 , ≤ 1.11.6507.0
(custom)
cpe:2.3:a:perkin_elmer:process_plus:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perkin_elmer:process_plus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "process_plus",
"vendor": "perkin_elmer",
"versions": [
{
"lessThanOrEqual": "1.11.6507.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6911",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T13:09:10.592161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T13:11:17.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:45:38.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ProcessPlus",
"vendor": "PerkinElmer",
"versions": [
{
"lessThanOrEqual": "1.11.6507.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S. Dietz (CyberDanube)"
},
{
"lang": "en",
"type": "finder",
"value": "T. Weber (CyberDanube)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.\u003cp\u003eThis issue affects ProcessPlus: through 1.11.6507.0.\u003c/p\u003e"
}
],
"value": "Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:55:10.509Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/13"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Install the patched version 2.0.0."
}
],
"value": "Install the patched version 2.0.0."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Local File Inclusion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-6911",
"datePublished": "2024-07-22T20:44:30.475Z",
"dateReserved": "2024-07-19T08:59:58.455Z",
"dateUpdated": "2025-02-13T17:58:00.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6878 (GCVE-0-2024-6878)
Vulnerability from cvelistv5 – Published: 2024-09-18 14:55 – Updated: 2026-06-03 12:09- CWE-552 - Files or Directories Accessible to External Parties
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1497 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Eliz Software | Panel |
Affected:
0 , < v2.3.24
(custom)
|
|
| eliz_software | panel |
Affected:
0 , < v2.3.24
(custom)
cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "panel",
"vendor": "eliz_software",
"versions": [
{
"lessThan": "v2.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:53:07.753591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:58:13.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Panel",
"vendor": "Eliz Software",
"versions": [
{
"lessThan": "v2.3.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serhat YAPICI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Panel: before v2.3.24.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.\n\nThis issue affects Panel: before v2.3.24."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T12:09:38.557Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1497"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1497"
}
],
"source": {
"advisory": "TR-24-1497",
"defect": [
"TR-24-1497"
],
"discovery": "UNKNOWN"
},
"title": "Directory Browsing in Eliz Software\u0027s Panel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-6878",
"datePublished": "2024-09-18T14:55:24.769Z",
"dateReserved": "2024-07-18T09:00:28.879Z",
"dateUpdated": "2026-06-03T12:09:38.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6421 (GCVE-0-2024-6421)
Vulnerability from cvelistv5 – Published: 2024-07-10 07:36 – Updated: 2025-08-22 07:00- CWE-552 - Files or Directories Accessible to External Parties
| Vendor | Product | Version | |
|---|---|---|---|
| Pepperl+Fuchs | OIT1500-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|
| Pepperl+Fuchs | OIT200-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|
| Pepperl+Fuchs | OIT500-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|
| Pepperl+Fuchs | OIT700-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|
| pepperl-fuchs | oit1500-f113-b12-cb_firmware |
Affected:
0 , ≤ V2.11.0
(semver)
cpe:2.3:o:pepperl-fuchs:oit1500-f113-b12-cb_firmware:*:*:*:*:*:*:*:* |
|
| pepperl-fuchs | oit200-f113-b12-cb_firmware |
Affected:
0 , ≤ V2.11.0
(semver)
cpe:2.3:o:pepperl-fuchs:oit200-f113-b12-cb_firmware:*:*:*:*:*:*:*:* |
|
| pepperl-fuchs | oit500-f113-b12-cb_firmware |
Affected:
0 , ≤ V2.11.0
(semver)
cpe:2.3:o:pepperl-fuchs:oit500-f113-b12-cb_firmware:*:*:*:*:*:*:*:* |
|
| pepperl-fuchs | oit700-f113-b12-cb_firmware |
Affected:
0 , ≤ V2.11.0
(semver)
cpe:2.3:o:pepperl-fuchs:oit700-f113-b12-cb_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit1500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit1500-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit200-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit200-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit500-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit700-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit700-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T14:15:26.548063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T14:33:22.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OIT1500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT200-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT700-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "BMW AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
}
],
"value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T07:00:50.289Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"source": {
"advisory": "VDE-2024-038",
"defect": [
"CERT@VDE#641655"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-6421",
"datePublished": "2024-07-10T07:36:52.119Z",
"dateReserved": "2024-07-01T07:38:21.490Z",
"dateUpdated": "2025-08-22T07:00:50.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6209 (GCVE-0-2024-6209)
Vulnerability from cvelistv5 – Published: 2024-07-05 11:10 – Updated: 2024-12-05 12:13- CWE-552 - Files or Directories Accessible to External Parties
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | ASPECT-Enterprise |
Affected:
0 , ≤ 3.08.01
(custom)
|
|
| ABB | NEXUS Series |
Affected:
0 , ≤ 3.08.01
(custom)
|
|
| ABB | MATRIX Series |
Affected:
0 , ≤ 3.08.01
(custom)
|
|
| abb | aspect-ent-2_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:* |
|
| abb | aspect-ent-96_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-2128-a_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-2128-f_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-2128_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-2128-g_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-264-a_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-264-f_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-264_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-264-g_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-3-2128_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:* |
|
| abb | nexus-3-264_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:* |
|
| abb | matrix-11_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:* |
|
| abb | matrix-216_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:* |
|
| abb | matrix-232_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:* |
|
| abb | matrix-264_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:* |
|
| abb | aspect-ent-12_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:* |
|
| abb | aspect-ent-256_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:* |
|
| abb | matrix-296_firmware |
Affected:
0 , < 3.08.01
(custom)
cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-2_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-96_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-a_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-f_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-2128-g_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264-a_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264-f_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nexus-264-g_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-3-2128_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nexus-3-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-11_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-216_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-232_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-264_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-12_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aspect-ent-256_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "matrix-296_firmware",
"vendor": "abb",
"versions": [
{
"lessThan": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T17:24:31.125468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:24:44.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.39956449.23035250.1719878527-141379670.1701144964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ASPECT-Enterprise",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NEXUS Series",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "MATRIX Series",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.08.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized\u0026nbsp;"
}
],
"value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "IRRECOVERABLE",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T12:13:47.544Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "unauthorized file access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-6209",
"datePublished": "2024-07-05T11:10:05.458Z",
"dateReserved": "2024-06-20T16:27:24.196Z",
"dateUpdated": "2024-12-05T12:13:47.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5587 (GCVE-0-2024-5587)
Vulnerability from cvelistv5 – Published: 2024-06-02 10:00 – Updated: 2024-08-20 13:47- CWE-552 - Files or Directories Accessible
| URL | Tags |
|---|---|
| https://vuldb.com/?id.266838 | vdb-entry |
| https://vuldb.com/?ctiid.266838 | signaturepermissions-required |
| https://vuldb.com/?submit.343357 | third-party-advisory |
| https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wk… | exploit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-266838 | Casdoor Configuration File app.conf file access",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.266838"
},
{
"name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.266838"
},
{
"name": "Submit #343357 | https://casdoor.org/ Casdoor \u003c= v1.335.0 Unprotected Confidential Information on Device is Accessible by",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.343357"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "casdoor",
"vendor": "casbin",
"versions": [
{
"lessThanOrEqual": "1.335",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5587",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:43:22.313467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:47:48.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Handler"
],
"product": "Casdoor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XbnWa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Casdoor bis 1.335.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /conf/app.conf der Komponente Configuration File Handler. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-02T10:00:07.703Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-266838 | Casdoor Configuration File app.conf file access",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.266838"
},
{
"name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.266838"
},
{
"name": "Submit #343357 | https://casdoor.org/ Casdoor \u003c= v1.335.0 Unprotected Confidential Information on Device is Accessible by",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.343357"
},
{
"tags": [
"exploit"
],
"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-01T19:21:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Casdoor Configuration File app.conf file access"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-5587",
"datePublished": "2024-06-02T10:00:07.703Z",
"dateReserved": "2024-06-01T17:15:45.189Z",
"dateUpdated": "2024-08-20T13:47:48.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5262 (GCVE-0-2024-5262)
Vulnerability from cvelistv5 – Published: 2024-06-05 04:00 – Updated: 2024-08-01 21:11- CWE-552 - Files or Directories Accessible to External Parties
| URL | Tags |
|---|---|
| https://zuso.ai/advisory/za-2024-01 | third-party-advisory |
| https://github.com/projectdiscovery/interactsh/pull/874 | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| ProjectDiscovery | Interactsh |
Affected:
v0.0.6 , ≤ v1.1.9
(custom)
|
|
| projectdiscovery | interactsh |
Affected:
0.0.6 , ≤ 1.1.9
(custom)
cpe:2.3:a:projectdiscovery:interactsh:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projectdiscovery:interactsh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "interactsh",
"vendor": "projectdiscovery",
"versions": [
{
"lessThanOrEqual": "1.1.9",
"status": "affected",
"version": "0.0.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T13:49:50.112559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:51:58.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://zuso.ai/advisory/za-2024-01"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/projectdiscovery/interactsh/pull/874"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Interactsh",
"vendor": "ProjectDiscovery",
"versions": [
{
"lessThanOrEqual": "v1.1.9",
"status": "affected",
"version": "v0.0.6",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login."
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T04:00:31.273Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/projectdiscovery/interactsh/pull/874"
}
],
"source": {
"defect": [
"ZA-2024-01"
],
"discovery": "UNKNOWN"
},
"title": "ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-5262",
"datePublished": "2024-06-05T04:00:31.273Z",
"dateReserved": "2024-05-23T08:04:35.538Z",
"dateUpdated": "2024-08-01T21:11:11.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5056 (GCVE-0-2024-5056)
Vulnerability from cvelistv5 – Published: 2024-06-12 12:10 – Updated: 2024-08-01 21:03- CWE-552 - Files or Directories Accessible to External Parties
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Modicon M340 |
Affected:
All versions
|
|
| Schneider Electric | Network module, Modicon M340, Modbus/TCP BMXNOE0100 |
Affected:
All versions
|
|
| Schneider Electric | Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110 |
Affected:
All Versions
|
|
| schneider-electric | modicom_m340_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:schneider-electric:modicom_m340_firmware:-:*:*:*:*:*:*:* |
|
| schneider-electric | modicom_m340 |
Affected:
0 , < *
(custom)
cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:schneider-electric:modicom_m340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340_firmware",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modicom_m340",
"vendor": "schneider-electric",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:14:02.243238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T14:17:06.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Modbus/TCP BMXNOE0100",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem.\n\n"
}
],
"value": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:10:43.250Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-5056",
"datePublished": "2024-06-12T12:10:43.250Z",
"dateReserved": "2024-05-17T10:06:08.565Z",
"dateUpdated": "2024-08-01T21:03:10.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5045 (GCVE-0-2024-5045)
Vulnerability from cvelistv5 – Published: 2024-05-17 12:31 – Updated: 2024-08-01 21:03- CWE-552 - Files or Directories Accessible
| URL | Tags |
|---|---|
| https://vuldb.com/?id.264742 | vdb-entry |
| https://vuldb.com/?ctiid.264742 | signaturepermissions-required |
| https://vuldb.com/?submit.335384 | third-party-advisory |
| https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Online Birth Certificate Management System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:31:15.488826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:31:23.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264742 | SourceCodester Online Birth Certificate Management System admin file access",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.264742"
},
{
"name": "VDB-264742 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264742"
},
{
"name": "Submit #335384 | sourcecodeste Online Birth Certificate Management System 1.0 Directory traversal attack",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.335384"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Birth Certificate Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HuoMingZ (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In SourceCodester Online Birth Certificate Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T12:31:03.558Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264742 | SourceCodester Online Birth Certificate Management System admin file access",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.264742"
},
{
"name": "VDB-264742 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264742"
},
{
"name": "Submit #335384 | sourcecodeste Online Birth Certificate Management System 1.0 Directory traversal attack",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.335384"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-17T07:53:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Birth Certificate Management System admin file access"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-5045",
"datePublished": "2024-05-17T12:31:03.558Z",
"dateReserved": "2024-05-17T05:48:29.413Z",
"dateUpdated": "2024-08-01T21:03:10.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.