CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
GHSA-F3QH-P6VF-FRVJ
Vulnerability from github – Published: 2022-05-17 03:46 – Updated: 2025-11-05 00:31Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
{
"affected": [],
"aliases": [
"CVE-2014-5415"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-05T10:59:00Z",
"severity": "CRITICAL"
},
"details": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.",
"id": "GHSA-f3qh-p6vf-frvj",
"modified": "2025-11-05T00:31:12Z",
"published": "2022-05-17T03:46:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5415"
},
{
"type": "WEB",
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf"
},
{
"type": "WEB",
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf"
},
{
"type": "WEB",
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93349"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F4MH-7QWC-2533
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-01-23 15:30A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.
{
"affected": [],
"aliases": [
"CVE-2019-20923"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-23T16:15:00Z",
"severity": "MODERATE"
},
"details": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.",
"id": "GHSA-f4mh-7qwc-2533",
"modified": "2024-01-23T15:30:55Z",
"published": "2022-05-24T17:34:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20923"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-39481"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH72-RHCQ-WPF6
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351.
{
"affected": [],
"aliases": [
"CVE-2025-5823"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-25T18:15:23Z",
"severity": "MODERATE"
},
"details": "Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Autel Technician API. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26351.",
"id": "GHSA-fh72-rhcq-wpf6",
"modified": "2025-06-26T21:31:13Z",
"published": "2025-06-26T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5823"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FHM6-67QQ-3Q35
Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2025-08-23 00:31An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
{
"affected": [],
"aliases": [
"CVE-2014-0758"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-02-24T04:48:00Z",
"severity": "HIGH"
},
"details": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.",
"id": "GHSA-fhm6-67qq-3q35",
"modified": "2025-08-23T00:31:12Z",
"published": "2022-05-17T04:52:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0758"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-051-01"
},
{
"type": "WEB",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FJ6X-XHQ4-HQ99
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541.
{
"affected": [],
"aliases": [
"CVE-2023-38124"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:10Z",
"severity": "HIGH"
},
"details": "Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541.",
"id": "GHSA-fj6x-xhq4-hq99",
"modified": "2024-05-03T03:30:56Z",
"published": "2024-05-03T03:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38124"
},
{
"type": "WEB",
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWJP-3G6W-X33Q
Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27678.
{
"affected": [],
"aliases": [
"CVE-2025-14496"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-23T22:15:50Z",
"severity": "HIGH"
},
"details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27678.",
"id": "GHSA-fwjp-3g6w-x33q",
"modified": "2025-12-24T00:30:16Z",
"published": "2025-12-24T00:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14496"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8MR-85JM-7XHM
Vulnerability from github – Published: 2026-06-15 20:05 – Updated: 2026-06-15 20:05Summary
Vitest Browser Mode exposes a cdp() API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec.
As a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with allowWrite: false and allowExec: false, CDP Page.setDownloadBehavior set the browser download directory to the project root, and CDP Runtime.evaluate downloaded a controlled vite.config.ts. Vitest reloaded the changed config and executed attacker-controlled Node.js code.
When the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.
Impact
This affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with --browser.api.host=0.0.0.0.
In this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest's CDP RPC and use Chrome's download controls to overwrite vite.config.ts in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.
The same exposed CDP bridge also allows direct browser-session JavaScript execution through Runtime.evaluate. A separate local probe showed that CDP can navigate the browser to a file:// URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.
Reproduction
For a concrete reproduction, start Browser Mode in watch mode using the official Lit example:
pnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc
cd vitest-poc
pnpm install
Configure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:
import { playwright } from '@vitest/browser-playwright'
import { defineConfig } from 'vite'
export default defineConfig({
test: {
browser: {
enabled: true,
provider: playwright(),
instances: [
{ browser: 'chromium' },
],
api: {
host: '0.0.0.0',
allowWrite: false,
allowExec: false,
},
},
},
})
Then start the test server:
pnpm test
Vitest serves the browser runner HTML and WebSocket API at http://localhost:63315.
While the browser session is active:
- Fetch the generated browser runner page:
text
http://localhost:63315/__vitest_test__/
-
Extract the embedded browser API token, active session id, project name, and project root:
-
window.VITEST_API_TOKEN __vitest_browser_runner__.sessionId__vitest_browser_runner__.config.name-
__vitest_browser_runner__.config.root -
Connect to the browser API WebSocket as a tester client:
text
/__vitest_browser_api__?type=tester&rpcId=<fresh-id>&sessionId=<session-id>&projectName=<project-name>&method=none&token=<token>
- Call the
sendCdpEventRPC method with:
text
Page.setDownloadBehavior({
behavior: "allow",
downloadPath: __vitest_browser_runner__.config.root
})
-
Call
sendCdpEventagain withRuntime.evaluate. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element<a download="vite.config.ts">. -
Observed result:
-
vite.config.tsis overwritten with attacker-controlled content. - Vitest reloads the changed config.
- The injected Node.js payload runs on the host.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.0-beta.3"
},
"package": {
"ecosystem": "npm",
"name": "@vitest/browser"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-beta.0"
},
{
"fixed": "5.0.0-beta.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.7"
},
"package": {
"ecosystem": "npm",
"name": "@vitest/browser"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.4"
},
"package": {
"ecosystem": "npm",
"name": "@vitest/browser"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.1.23"
},
"package": {
"ecosystem": "npm",
"name": "vite-plus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53633"
],
"database_specific": {
"cwe_ids": [
"CWE-749",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T20:05:15Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Summary\n\nVitest Browser Mode exposes a `cdp()` API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by `browser.api.allowWrite`, `browser.api.allowExec`, `api.allowWrite`, or `api.allowExec`.\n\nAs a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with `allowWrite: false` and `allowExec: false`, CDP `Page.setDownloadBehavior` set the browser download directory to the project root, and CDP `Runtime.evaluate` downloaded a controlled `vite.config.ts`. Vitest reloaded the changed config and executed attacker-controlled Node.js code.\n\nWhen the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.\n\n## Impact\n\nThis affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with `--browser.api.host=0.0.0.0`.\n\nIn this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest\u0027s CDP RPC and use Chrome\u0027s download controls to overwrite `vite.config.ts` in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.\n\nThe same exposed CDP bridge also allows direct browser-session JavaScript execution through `Runtime.evaluate`. A separate local probe showed that CDP can navigate the browser to a `file://` URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.\n\n## Reproduction\n\nFor a concrete reproduction, start Browser Mode in watch mode using the official Lit example:\n\n```sh\npnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc\ncd vitest-poc\npnpm install\n```\n\nConfigure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:\n\n```ts\nimport { playwright } from \u0027@vitest/browser-playwright\u0027\nimport { defineConfig } from \u0027vite\u0027\n\nexport default defineConfig({\n test: {\n browser: {\n enabled: true,\n provider: playwright(),\n instances: [\n { browser: \u0027chromium\u0027 },\n ],\n api: {\n host: \u00270.0.0.0\u0027,\n allowWrite: false,\n allowExec: false,\n },\n },\n },\n})\n```\n\nThen start the test server:\n\n```sh\npnpm test\n```\n\nVitest serves the browser runner HTML and WebSocket API at `http://localhost:63315`.\n\nWhile the browser session is active:\n\n1. Fetch the generated browser runner page:\n\n ```text\n http://localhost:63315/__vitest_test__/\n ```\n\n2. Extract the embedded browser API token, active session id, project name, and project root:\n\n - `window.VITEST_API_TOKEN`\n - `__vitest_browser_runner__.sessionId`\n - `__vitest_browser_runner__.config.name`\n - `__vitest_browser_runner__.config.root`\n\n3. Connect to the browser API WebSocket as a tester client:\n\n ```text\n /__vitest_browser_api__?type=tester\u0026rpcId=\u003cfresh-id\u003e\u0026sessionId=\u003csession-id\u003e\u0026projectName=\u003cproject-name\u003e\u0026method=none\u0026token=\u003ctoken\u003e\n ```\n\n4. Call the `sendCdpEvent` RPC method with:\n\n ```text\n Page.setDownloadBehavior({\n behavior: \"allow\",\n downloadPath: __vitest_browser_runner__.config.root\n })\n ```\n\n5. Call `sendCdpEvent` again with `Runtime.evaluate`. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element `\u003ca download=\"vite.config.ts\"\u003e`.\n\n6. Observed result:\n\n - `vite.config.ts` is overwritten with attacker-controlled content.\n - Vitest reloads the changed config.\n - The injected Node.js payload runs on the host.",
"id": "GHSA-g8mr-85jm-7xhm",
"modified": "2026-06-15T20:05:15Z",
"published": "2026-06-15T20:05:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-g8mr-85jm-7xhm"
},
{
"type": "PACKAGE",
"url": "https://github.com/vitest-dev/vitest"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE"
}
GHSA-GCGW-Q47M-PRVJ
Vulnerability from github – Published: 2023-12-12 03:31 – Updated: 2024-09-30 18:52Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.
Original Description
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security:java-security"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security:java-security"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security.xsuaa:spring-xsuaa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security.xsuaa:spring-xsuaa"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security:spring-security"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.sap.cloud.security:spring-security"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-639",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-15T03:53:07Z",
"nvd_published_at": "2023-12-12T02:15:08Z",
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.\n\n## Original Description\nSAP\u00a0BTP\u00a0Security Services Integration Library ([Java] cloud-security-services-integration-library) -\u00a0versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.\n\n",
"id": "GHSA-gcgw-q47m-prvj",
"modified": "2024-09-30T18:52:44Z",
"published": "2023-12-12T03:31:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50422"
},
{
"type": "WEB",
"url": "https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067"
},
{
"type": "PACKAGE",
"url": "https://github.com/SAP/cloud-security-services-integration-library"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3411067"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3413475"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/java-security"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ",
"withdrawn": "2024-09-30T18:52:44Z"
}
GHSA-H5V5-9632-6PPH
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034.
{
"affected": [],
"aliases": [
"CVE-2023-51581"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:16:17Z",
"severity": "CRITICAL"
},
"details": "Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034.",
"id": "GHSA-h5v5-9632-6pph",
"modified": "2024-05-03T03:31:07Z",
"published": "2024-05-03T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51581"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1886"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H7CW-M84H-C746
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011.
{
"affected": [],
"aliases": [
"CVE-2023-51575"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:16:16Z",
"severity": "CRITICAL"
},
"details": "Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011.",
"id": "GHSA-h7cw-m84h-c746",
"modified": "2024-05-03T03:31:07Z",
"published": "2024-05-03T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51575"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1881"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.