Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

CVE-2023-6096 (GCVE-0-2023-6096)

Vulnerability from cvelistv5 – Published: 2024-04-26 07:16 – Updated: 2024-08-02 08:21
VLAI
Title
using a inappropriate encryption logic
Summary
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Hanwha Vision Co., Ltd. HRX-1620 Affected: 3.05.62 and prior versions
Create a notification for this product.
hanwhavision xrn-2010 Affected: *
    cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-2010a Affected: *
    cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-2011 Affected: *
    cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-2011a Affected: *
    cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-3010a Affected: *
    cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision arn-3250 Affected: *
    cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-810s Affected: *
    cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-410s Affected: *
    cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qrn-810 Affected: *
    cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qrn-410 Affected: *
    cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-1621 Affected: *
    cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-1620 Affected: *
    cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-821 Affected: *
    cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-820 Affected: *
    cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-421 Affected: *
    cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision hrx-420 Affected: *
    cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision xrn-420s Affected: *
    cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qrn-430s Affected: *
    cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-26 07:08
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2010",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2010a",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2010:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2010",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2010a:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2010a",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2011:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hanwhavision:xrn-2011a:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-2011a",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:xrn-3010a:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-3010a",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:arn-3250:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "arn-3250",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:xrn-810s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-810s",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:xrn-410s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-410s",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qrn-810:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qrn-810",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qrn-410:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qrn-410",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-1621:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-1621",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-1620:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-1620",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-821:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-821",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-820:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-820",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-421:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-421",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:hrx-420:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hrx-420",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:xrn-420s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xrn-420s",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qrn-430s",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qrn-430s:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qrn-430s",
            "vendor": "hanwhavision",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-26T16:12:56.278086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:16:54.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HRX-1620",
          "vendor": "Hanwha Vision Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "3.05.62 and prior versions"
            }
          ]
        }
      ],
      "datePublic": "2024-04-26T07:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nVladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-26T07:16:12.080Z",
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision"
      },
      "references": [
        {
          "url": "https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "using a inappropriate encryption logic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "cveId": "CVE-2023-6096",
    "datePublished": "2024-04-26T07:16:12.080Z",
    "dateReserved": "2023-11-13T09:07:04.294Z",
    "dateUpdated": "2024-08-02T08:21:17.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5751 (GCVE-0-2023-5751)

Vulnerability from cvelistv5 – Published: 2024-06-04 08:54 – Updated: 2024-08-02 08:07
VLAI
Title
CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
Summary
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
CODESYS CODESYS Control Win (SL) Affected: 0 , < 3.5.20.10 (semver)
Create a notification for this product.
CODESYS CODESYS Development System V3 Affected: 0 , < 3.5.20.10 (semver)
Create a notification for this product.
CODESYS CODESYS Edge Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
Create a notification for this product.
CODESYS CODESYS Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
Create a notification for this product.
CODESYS CODESYS HMI (SL) Affected: 0 , < 3.5.20.10 (semver)
Create a notification for this product.
codesys control_win_sl Affected: 0 , < 3.5.20.10 (custom)
    cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*
Create a notification for this product.
codesys development_system_v3 Affected: 0 , < 3.5.20.10 (custom)
    cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*
Create a notification for this product.
codesys edge_gateway Affected: 0 , < 3.5.20.10 (custom)
    cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*
Create a notification for this product.
codesys gateway Affected: 0 , < 3.5.20.10 (custom)
    cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*
Create a notification for this product.
codesys hmi_sl Affected: 0 , < 3.5.20.10 (custom)
    cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
joker63
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "control_win_sl",
            "vendor": "codesys",
            "versions": [
              {
                "lessThan": "3.5.20.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "development_system_v3",
            "vendor": "codesys",
            "versions": [
              {
                "lessThan": "3.5.20.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edge_gateway",
            "vendor": "codesys",
            "versions": [
              {
                "lessThan": "3.5.20.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "gateway",
            "vendor": "codesys",
            "versions": [
              {
                "lessThan": "3.5.20.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hmi_sl",
            "vendor": "codesys",
            "versions": [
              {
                "lessThan": "3.5.20.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T14:51:51.731368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:31.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control Win (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Development System V3",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Edge Gateway for Windows",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Gateway for Windows",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS HMI (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "joker63"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u00a0\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-04T08:54:22.046Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
        },
        {
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
        }
      ],
      "source": {
        "advisory": "VDE-2024-027",
        "defect": [
          "CERT@VDE#64603"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "CODESYS: Development system prone to DoS through exposure of resource to wrong sphere",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-5751",
    "datePublished": "2024-06-04T08:54:22.046Z",
    "dateReserved": "2023-10-24T11:46:25.505Z",
    "dateUpdated": "2024-08-02T08:07:32.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4910 (GCVE-0-2023-4910)

Vulnerability from cvelistv5 – Published: 2023-11-06 12:49 – Updated: 2025-11-20 17:56
VLAI
Title
3scale-admin-portal: logged out users tokens can be accessed
Summary
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2023-4910 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2238498 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
Create a notification for this product.
Date Public
2023-09-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4910",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T15:18:13.339253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:12.993Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:52.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4910"
          },
          {
            "name": "RHBZ#2238498",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_3scale_amp:2"
          ],
          "defaultStatus": "affected",
          "packageName": "3scale-admin-portal",
          "product": "Red Hat 3scale API Management Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T17:56:04.708Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4910"
        },
        {
          "name": "RHBZ#2238498",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238498"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-12T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-12T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "3scale-admin-portal: logged out users tokens can be accessed",
      "workarounds": [
        {
          "lang": "en",
          "value": "No mitigation is yet available for this flaw."
        }
      ],
      "x_redhatCweChain": "CWE-668: Exposure of Resource to Wrong Sphere"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4910",
    "datePublished": "2023-11-06T12:49:37.751Z",
    "dateReserved": "2023-09-12T08:57:04.299Z",
    "dateUpdated": "2025-11-20T17:56:04.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-3670 (GCVE-0-2023-3670)

Vulnerability from cvelistv5 – Published: 2023-07-28 07:52 – Updated: 2024-10-21 17:43
VLAI
Title
Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
Summary
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
CODESYS CODESYS Development System Affected: 3.5.9.0 , < 3.5.17.0 (semver)
Create a notification for this product.
CODESYS CODESYS Scripting Affected: 4.0.0.0 , < 4.1.0.0 (semver)
Create a notification for this product.
Date Public
2023-07-28 07:45
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-024"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T17:43:39.441777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T17:43:52.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Development System",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.17.0",
              "status": "affected",
              "version": "3.5.9.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Scripting",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.1.0.0",
              "status": "affected",
              "version": "4.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-07-28T07:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In CODESYS Development System 3.5.9.0 to\u0026nbsp;3.5.17.0 and\u0026nbsp;CODESYS Scripting\u0026nbsp;4.0.0.0 to\u0026nbsp;4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users."
            }
          ],
          "value": "In CODESYS Development System 3.5.9.0 to\u00a03.5.17.0 and\u00a0CODESYS Scripting\u00a04.0.0.0 to\u00a04.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-28T07:52:33.639Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-024"
        }
      ],
      "source": {
        "advisory": "VDE-2023-024",
        "defect": [
          "CERT@VDE#64563"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-3670",
    "datePublished": "2023-07-28T07:52:33.639Z",
    "dateReserved": "2023-07-14T07:43:16.307Z",
    "dateUpdated": "2024-10-21T17:43:52.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2622 (GCVE-0-2023-2622)

Vulnerability from cvelistv5 – Published: 2023-11-01 02:24 – Updated: 2025-02-27 20:36
VLAI
Summary
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Hitachi Energy MACH System Software Affected: 7.10.0.0 , ≤ 7.18.0.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:48:42.456844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:36:59.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MACH System Software",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "7.18.0.0",
              "status": "affected",
              "version": "7.10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"
            }
          ],
          "value": "\nAuthenticated clients can read arbitrary files on the MAIN Computer\nsystem using the remote procedure call (RPC) of the InspectSetup\nservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-497",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-497 File Discovery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-01T02:24:51.988Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2023-2622",
    "datePublished": "2023-11-01T02:24:51.988Z",
    "dateReserved": "2023-05-10T08:59:58.079Z",
    "dateUpdated": "2025-02-27T20:36:59.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-46756 (GCVE-0-2022-46756)

Vulnerability from cvelistv5 – Published: 2023-02-01 05:37 – Updated: 2025-03-27 13:25
VLAI
Summary
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Dell VxRail HCI Affected: 0 , < 7.0.410 (custom)
Create a notification for this product.
Date Public
2022-12-22 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:39:38.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000206943"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T13:25:47.266101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T13:25:56.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VxRail HCI",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.0.410",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-22T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container\u0027s underlying OS. Exploitation may lead to a system take over by an attacker.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container\u0027s underlying OS. Exploitation may lead to a system take over by an attacker.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T05:37:17.789Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/000206943"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-46756",
    "datePublished": "2023-02-01T05:37:17.789Z",
    "dateReserved": "2022-12-07T14:20:31.444Z",
    "dateUpdated": "2025-03-27T13:25:56.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45935 (GCVE-0-2022-45935)

Vulnerability from cvelistv5 – Published: 2023-01-06 09:33 – Updated: 2025-04-10 13:35
VLAI
Title
Apache James server: Temporary File Information Disclosure
Summary
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache James server Affected: 0 , ≤ 3.7.2 (semver)
Create a notification for this product.
Credits
Benoit Tellier
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T13:35:27.107323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T13:35:31.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache James server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Benoit Tellier"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. \u003cbr\u003e\u003cbr\u003eVulnerable components includes the SMTP stack and IMAP APPEND command.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache James server version 3.7.2 and prior versions."
            }
          ],
          "value": "Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. \n\nVulnerable components includes the SMTP stack and IMAP APPEND command.\n\nThis issue affects Apache James server version 3.7.2 and prior versions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T10:18:19.197Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache James server: Temporary File Information Disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-45935",
    "datePublished": "2023-01-06T09:33:30.150Z",
    "dateReserved": "2022-11-27T08:53:19.892Z",
    "dateUpdated": "2025-04-10T13:35:31.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45438 (GCVE-0-2022-45438)

Vulnerability from cvelistv5 – Published: 2023-01-16 10:12 – Updated: 2025-04-07 14:59
VLAI
Title
Apache Superset: Dashboard metadata information leak
Summary
When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Superset Affected: 2.0.0 , < 2.0.1 (semver)
Affected: 0 , ≤ 1.5.2 (semver)
Create a notification for this product.
Credits
Sunny Alexli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45438",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T14:59:07.727991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T14:59:56.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Superset",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.1",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sunny Alexli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-25T08:28:13.528Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Superset: Dashboard metadata information leak",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-45438",
    "datePublished": "2023-01-16T10:12:02.872Z",
    "dateReserved": "2022-11-15T10:36:44.454Z",
    "dateUpdated": "2025-04-07T14:59:56.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41874 (GCVE-0-2022-41874)

Vulnerability from cvelistv5 – Published: 2022-11-10 00:00 – Updated: 2025-04-23 16:38
VLAI
Title
Tauri Filesystem Scope can be Partially Bypassed
Summary
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
  • CWE-706 - Use of Incorrectly-Resolved Name or Reference
Assigner
Impacted products
Vendor Product Version
tauri-apps tauri Affected: >= 1.0.0, <1.0.7
Affected: >= 1.1.0, <1.1.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:54:51.769199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:38:40.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tauri",
          "vendor": "tauri-apps",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c1.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c1.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-706",
              "description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-10T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
        }
      ],
      "source": {
        "advisory": "GHSA-q9wv-22m9-vhqh",
        "discovery": "UNKNOWN"
      },
      "title": "Tauri Filesystem Scope can be Partially Bypassed"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41874",
    "datePublished": "2022-11-10T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:38:40.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39349 (GCVE-0-2022-39349)

Vulnerability from cvelistv5 – Published: 2022-10-25 00:00 – Updated: 2025-04-23 16:43
VLAI
Title
Tasks.org vulnerable to data exfiltration by malicous app or adb
Summary
The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
tasks tasks Affected: < 12.7.1
Affected: = 13.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tasks/tasks/security/advisories/GHSA-8x58-cg74-8jg8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tasks/tasks/commit/23bf69d3f44b07e4bc62ea107f72103239f5d942"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:55:58.062634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:43:58.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tasks",
          "vendor": "tasks",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 12.7.1"
            },
            {
              "status": "affected",
              "version": "= 13.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle \"share\" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app\u0027s external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user\u0027s notes and the app\u0027s preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-25T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/tasks/tasks/security/advisories/GHSA-8x58-cg74-8jg8"
        },
        {
          "url": "https://github.com/tasks/tasks/commit/23bf69d3f44b07e4bc62ea107f72103239f5d942"
        }
      ],
      "source": {
        "advisory": "GHSA-8x58-cg74-8jg8",
        "discovery": "UNKNOWN"
      },
      "title": "Tasks.org vulnerable to data exfiltration by malicous app or adb"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39349",
    "datePublished": "2022-10-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:43:58.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.