CWE-914
AllowedImproper Control of Dynamically-Identified Variables
Abstraction: Base · Status: Incomplete
The product does not properly restrict reading from or writing to dynamically-identified variables.
9 vulnerabilities reference this CWE, most recent first.
CVE-2026-35173 (GCVE-0-2026-35173)
Vulnerability from cvelistv5 – Published: 2026-04-06 17:48 – Updated: 2026-04-06 18:47| URL | Tags |
|---|---|
| https://github.com/xenocrat/chyrp-lite/security/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| xenocrat | chyrp-lite |
Affected:
< 2026.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35173",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:47:45.411194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:47:56.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "chyrp-lite",
"vendor": "xenocrat",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have permission to edit. By passing internal class properties such as id into the post_attributes payload, an attacker can alter the object being instantiated. As a result, further actions are performed on another user\u2019s post rather than the attacker\u2019s own post, effectively enabling post takeover. This vulnerability is fixed in 2026.01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:48:52.681Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xenocrat/chyrp-lite/security/advisories/GHSA-8c3h-rh2j-fxr9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xenocrat/chyrp-lite/security/advisories/GHSA-8c3h-rh2j-fxr9"
}
],
"source": {
"advisory": "GHSA-8c3h-rh2j-fxr9",
"discovery": "UNKNOWN"
},
"title": "Chyrp Lite has an IDOR via Mass Assignment in Post Model"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35173",
"datePublished": "2026-04-06T17:48:52.681Z",
"dateReserved": "2026-04-01T17:26:21.133Z",
"dateUpdated": "2026-04-06T18:47:56.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14085 (GCVE-0-2025-14085)
Vulnerability from cvelistv5 – Published: 2025-12-05 14:02 – Updated: 2025-12-05 16:48| URL | Tags |
|---|---|
| https://vuldb.com/?id.334476 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334476 | signaturepermissions-required |
| https://vuldb.com/?submit.695943 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/23 | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:05:02.816481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:48:03.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:02:05.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334476 | youlaitech youlai-mall orders improper control of dynamically-identified variables",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334476"
},
{
"name": "VDB-334476 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334476"
},
{
"name": "Submit #695943 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.695943"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/23"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-05T09:40:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall orders improper control of dynamically-identified variables"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14085",
"datePublished": "2025-12-05T14:02:05.993Z",
"dateReserved": "2025-12-05T08:35:03.860Z",
"dateUpdated": "2025-12-05T16:48:03.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14051 (GCVE-0-2025-14051)
Vulnerability from cvelistv5 – Published: 2025-12-04 22:32 – Updated: 2025-12-05 15:02| URL | Tags |
|---|---|
| https://vuldb.com/?id.334367 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334367 | signaturepermissions-required |
| https://vuldb.com/?submit.694827 | third-party-advisory |
| https://vuldb.com/?submit.694836 | third-party-advisory |
| https://vuldb.com/?submit.694837 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/18 | issue-tracking |
| https://github.com/Hwwg/cve/issues/19 | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:02:42.040272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:02:46.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Hwwg/cve/issues/19"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Hwwg/cve/issues/18"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:32:06.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334367 | youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334367"
},
{
"name": "VDB-334367 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334367"
},
{
"name": "Submit #694827 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694827"
},
{
"name": "Submit #694836 | youlai-mall latest Improper Control of Resource Identifiers (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694836"
},
{
"name": "Submit #694837 | youlai-mall latest Improper Control of Resource Identifiers (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.694837"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/18"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-04T18:17:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14051",
"datePublished": "2025-12-04T22:32:06.395Z",
"dateReserved": "2025-12-04T17:12:49.723Z",
"dateUpdated": "2025-12-05T15:02:46.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54198 (GCVE-0-2024-54198)
Vulnerability from cvelistv5 – Published: 2024-12-10 00:12 – Updated: 2024-12-10 21:28- CWE-914 - Improper Control of Dynamically-Identified Variables
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP |
Affected:
KRNL64NUC 7.22
Affected: 7.22EXT Affected: KRNL64UC 7.22 Affected: 7.53 Affected: KERNEL 7.22 Affected: 7.54 Affected: 7.77 Affected: 7.89 Affected: 7.93 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T21:27:54.079190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T21:28:02.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server ABAP",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "7.54"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.89"
},
{
"status": "affected",
"version": "7.93"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.\u003c/p\u003e"
}
],
"value": "In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T00:12:47.729Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3469791"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-54198",
"datePublished": "2024-12-10T00:12:47.729Z",
"dateReserved": "2024-12-02T11:40:44.769Z",
"dateUpdated": "2024-12-10T21:28:02.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24914 (GCVE-0-2024-24914)
Vulnerability from cvelistv5 – Published: 2024-11-07 11:25 – Updated: 2024-11-07 17:33- CWE-914 - Improper Control of Dynamically-Identified Variables
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management |
Affected:
Check Point Quantum Gateways versions R81, R81.10, R81.20
|
|
| checkpoint | clusterxl |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:* |
|
| checkpoint | multi-domain_management |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:* |
|
| checkpoint | quantum_appliances |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:* |
|
| checkpoint | quantum_maestro |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:* |
|
| checkpoint | quantum_scalable_chassis |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:* |
|
| checkpoint | quantum_security_gateway |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:* |
|
| checkpoint | quantum_security_management |
Affected:
r81
Affected: r81.10 Affected: r81.20 cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clusterxl",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "multi-domain_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_maestro",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_scalable_chassis",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:56:57.795526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:33:31.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Quantum Gateways versions R81, R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:25:53.238Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182743"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24914",
"datePublished": "2024-11-07T11:25:53.238Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2024-11-07T17:33:31.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33175 (GCVE-0-2023-33175)
Vulnerability from cvelistv5 – Published: 2023-05-30 04:31 – Updated: 2025-01-10 20:35- CWE-914 - Improper Control of Dynamically-Identified Variables
| URL | Tags |
|---|---|
| https://github.com/mubarakalmehairbi/ToUI/securit… | x_refsource_CONFIRM |
| https://github.com/mubarakalmehairbi/ToUI/release… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| mubarakalmehairbi | ToUI |
Affected:
>= 2.0.1, < 2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563"
},
{
"name": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T20:34:59.010808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:35:07.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ToUI",
"vendor": "mubarakalmehairbi",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.1, \u003c 2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T04:31:36.503Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563"
},
{
"name": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1"
}
],
"source": {
"advisory": "GHSA-hh7j-pg39-q563",
"discovery": "UNKNOWN"
},
"title": "ToUI allows user-specific variables to be shared between users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33175",
"datePublished": "2023-05-30T04:31:36.503Z",
"dateReserved": "2023-05-17T22:25:50.696Z",
"dateUpdated": "2025-01-10T20:35:07.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-5GRF-RW7W-63Q5
Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.
{
"affected": [],
"aliases": [
"CVE-2024-54198"
],
"database_specific": {
"cwe_ids": [
"CWE-914"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T01:15:06Z",
"severity": "HIGH"
},
"details": "In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.",
"id": "GHSA-5grf-rw7w-63q5",
"modified": "2024-12-10T03:31:45Z",
"published": "2024-12-10T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54198"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3469791"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HH7J-PG39-Q563
Vulnerability from github – Published: 2023-05-24 17:38 – Updated: 2023-05-30 06:41Impact
Websites that use Website.user_vars property in versions.
Patches
It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1
Workarounds
Do not use Website.user_vars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signin_user() in version v2.4.0 only.
Explanation
ToUI is using Flask-Caching (SimpleCache) to store user variables. My misunderstanding was that these caches are stored in the client's browser, but it seems that these are stored in the server side.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "toui"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.1"
},
{
"fixed": "2.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-33175"
],
"database_specific": {
"cwe_ids": [
"CWE-913",
"CWE-914"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-24T17:38:52Z",
"nvd_published_at": "2023-05-30T05:15:11Z",
"severity": "CRITICAL"
},
"details": "### Impact\nWebsites that use `Website.user_vars` property in versions.\n\n### Patches\nIt affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1\n\n### Workarounds\nDo not use `Website.user_vars` in websites when using versions v2.0.1 to v2.4.0. Also, do not use `Website.signin_user()` in version v2.4.0 only.\n\n### Explanation\nToUI is using Flask-Caching (SimpleCache) to store user variables. My misunderstanding was that these caches are stored in the client\u0027s browser, but it seems that these are stored in the server side.\n",
"id": "GHSA-hh7j-pg39-q563",
"modified": "2023-05-30T06:41:13Z",
"published": "2023-05-24T17:38:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33175"
},
{
"type": "PACKAGE",
"url": "https://github.com/mubarakalmehairbi/ToUI"
},
{
"type": "WEB",
"url": "https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "toui allows user-specific variables to be shared between users"
}
GHSA-JFQP-W655-72WJ
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2024-11-07 12:30Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
{
"affected": [],
"aliases": [
"CVE-2024-24914"
],
"database_specific": {
"cwe_ids": [
"CWE-914"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T12:15:24Z",
"severity": "HIGH"
},
"details": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.",
"id": "GHSA-jfqp-w655-72wj",
"modified": "2024-11-07T12:30:35Z",
"published": "2024-11-07T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24914"
},
{
"type": "WEB",
"url": "https://support.checkpoint.com/results/sk/sk182743"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Input Validation
For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified.
Mitigation
Strategy: Refactoring
Refactor the code so that internal program variables do not need to be dynamically identified.
No CAPEC attack patterns related to this CWE.