CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2023-0012 (GCVE-0-2023-0012)
Vulnerability from cvelistv5 – Published: 2023-01-10 02:44 – Updated: 2025-04-09 14:06
VLAI
Title
Local Privilege Escalation in SAP Host Agent (Windows)
Summary
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | Host Agent (Windows) |
Affected:
7.21
Affected: 7.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3276120"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:05:57.989007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:06:07.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Host Agent (Windows)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "7.21"
},
{
"status": "affected",
"version": "7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised."
}
],
"value": "In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T03:49:32.685Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3276120"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in SAP Host Agent (Windows)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-0012",
"datePublished": "2023-01-10T02:44:38.047Z",
"dateReserved": "2022-12-16T03:12:52.291Z",
"dateUpdated": "2025-04-09T14:06:07.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0017 (GCVE-0-2023-0017)
Vulnerability from cvelistv5 – Published: 2023-01-10 03:18 – Updated: 2025-04-09 13:54
VLAI
Title
Improper access control in SAP NetWeaver AS for Java
Summary
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
Severity
9.4 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | NetWeaver AS for Java |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3268093"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:53:19.759007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:54:09.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NetWeaver AS for Java",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable."
}
],
"value": "An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T03:18:57.927Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3268093"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control in SAP NetWeaver AS for Java",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-0017",
"datePublished": "2023-01-10T03:18:57.927Z",
"dateReserved": "2022-12-20T03:49:32.991Z",
"dateUpdated": "2025-04-09T13:54:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0451 (GCVE-0-2023-0451)
Vulnerability from cvelistv5 – Published: 2023-01-26 20:37 – Updated: 2025-01-16 21:59
VLAI
Summary
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | government-resource |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:04.944910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:59:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Econolite",
"versions": [
{
"lessThan": "3.2.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rustam Amin"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rustam Amin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEconolite EOS versions prior to 3.2.23 lack a password\nrequirement for gaining \u201cREADONLY\u201d access to log files and certain database and\nconfiguration files. One such file contains tables with MD5 hashes and\nusernames for all defined users in the control software, including\nadministrators and technicians.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "Econolite EOS versions prior to 3.2.23 lack a password\nrequirement for gaining \u201cREADONLY\u201d access to log files and certain database and\nconfiguration files. One such file contains tables with MD5 hashes and\nusernames for all defined users in the control software, including\nadministrators and technicians.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-20T15:37:19.367Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0451",
"datePublished": "2023-01-26T20:37:53.380Z",
"dateReserved": "2023-01-23T18:19:27.265Z",
"dateUpdated": "2025-01-16T21:59:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0506 (GCVE-0-2023-0506)
Vulnerability from cvelistv5 – Published: 2023-10-03 13:12 – Updated: 2024-09-19 20:15
VLAI
Title
ByDemes Group Airspace CCTV Web Service Improper Access Control
Summary
The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ByDemes Group | Airspace CCTV Web Service |
Affected:
2.616.BY00.11
|
Date Public
2023-06-28 10:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T20:15:31.046541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T20:15:43.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Airspace CCTV Web Service",
"vendor": "ByDemes Group",
"versions": [
{
"status": "affected",
"version": "2.616.BY00.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Camilo Andr\u00e9s Bruna"
}
],
"datePublic": "2023-06-28T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access."
}
],
"value": "The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T13:12:51.965Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products"
},
{
"url": "https://github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The reported vulnerability has already been fixed by the By Demes Group security team. Affected users are advised to upgrade to the latest version available. By Demes Group reminds that the affected devices are at end of life and are no longer supported, so it is recommended to upgrade to a newer model."
}
],
"value": "The reported vulnerability has already been fixed by the By Demes Group security team. Affected users are advised to upgrade to the latest version available. By Demes Group reminds that the affected devices are at end of life and are no longer supported, so it is recommended to upgrade to a newer model."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ByDemes Group Airspace CCTV Web Service Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-0506",
"datePublished": "2023-10-03T13:12:51.965Z",
"dateReserved": "2023-01-25T10:12:33.756Z",
"dateUpdated": "2024-09-19T20:15:43.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0744 (GCVE-0-2023-0744)
Vulnerability from cvelistv5 – Published: 2023-02-08 00:00 – Updated: 2025-03-25 14:49
VLAI
Title
Improper Access Control in answerdev/answer
Summary
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:45:07.525814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:49:06.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434"
},
{
"url": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d"
},
{
"url": "http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html"
}
],
"source": {
"advisory": "35a0e12f-1d54-4fc0-8779-6a4949b7c434",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0744",
"datePublished": "2023-02-08T00:00:00.000Z",
"dateReserved": "2023-02-08T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:49:06.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0811 (GCVE-0-2023-0811)
Vulnerability from cvelistv5 – Published: 2023-03-16 17:41 – Updated: 2025-01-16 21:42
VLAI
Summary
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Omron | CJ1M SYSMAC CJ-series |
Affected:
All versions
|
|
| Omron | CJ1M SYSMAC CJ-series |
Affected:
All versions
|
|
| Omron | CJ1M SYSMAC CS-series |
Affected:
All versions
|
|
| Omron | CJ1M SYSMAC CS-series |
Affected:
All versions
|
|
| Omron | CJ1M SYSMAC CP-series |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:56:16.921497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:42:32.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "CJ2H-CPU6 \u25a1 -EIP",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ2H-CPU6 \u25a1",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ2M-CPU \u25a1 \u25a1",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CJ1G-CPU \u25a1 \u25a1 P",
"product": "CJ1M SYSMAC CJ-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1H-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1G-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 HA",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 H",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 SA",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 S",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CS1D-CPU \u25a1 \u25a1 P",
"product": "CJ1M SYSMAC CS-series ",
"vendor": "Omron ",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-E \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-S \u25a1 \u25a1 D \u25a1- \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP2E-N \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-X40D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-XA40D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1H-Y20DT-D",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-EL20D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-EM \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-L \u25a1 \u25a1 D \u25a1- \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1L-M \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1E-E \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "CP1E-NA \u25a1 \u25a1 D \u25a1 - \u25a1",
"product": "CJ1M SYSMAC CP-series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos reported these vulnerabilities to CISA. "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \u003c/span\u003e\n\n"
}
],
"value": "\nOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T17:45:14.919Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01"
},
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eOMRON has released the following countermeasures for users to implement: \u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) \u003c/li\u003e\u003cli\u003eSet UM read protection password and \u201cProhibit from overwriting to a protected program \u201coption. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: \u003c/p\u003e\u003cp\u003eSecurity measures to prevent unauthorized access: \u003c/p\u003e\u003cul\u003e\u003cli\u003eIf the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. \u003cul\u003e\u003cli\u003eEnable the FINS write protection function. \u003c/li\u003e\u003cli\u003eSelect the Protect by IP Address \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eMinimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them. \u0026nbsp;\u003c/li\u003e\u003cli\u003eImplement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. \u003c/li\u003e\u003cli\u003eUse a virtual private network (VPN) for remote access to control systems and equipment. \u003c/li\u003e\u003cli\u003eUse strong passwords and change them frequently. \u003c/li\u003e\u003cli\u003eInstall physical controls so that only authorized personnel can access control systems and equipment. \u003c/li\u003e\u003cli\u003eScan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. \u003c/li\u003e\u003cli\u003eEnforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. \u003c/li\u003e\u003cli\u003eAnti-virus protection \u003cul\u003e\u003cli\u003eProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eData input and output protection \u003cul\u003e\u003cli\u003eValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eData recovery \u003cul\u003e\u003cli\u003ePeriodical data backup and maintenance to prepare for data loss. \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see Omron\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf\"\u003eSecurity Advisory\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOMRON has released the following countermeasures for users to implement: \n\n * Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) \n * Set UM read protection password and \u201cProhibit from overwriting to a protected program \u201coption. \n\n\nIf the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: \n\nSecurity measures to prevent unauthorized access: \n\n * If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function. \n * Select the Protect by IP Address \n\n\n\n * Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them. \u00a0\n * Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. \n * Use a virtual private network (VPN) for remote access to control systems and equipment. \n * Use strong passwords and change them frequently. \n * Install physical controls so that only authorized personnel can access control systems and equipment. \n * Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. \n * Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. \n * Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. \n\n\n\n * Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. \n\n\n\n * Data recovery * Periodical data backup and maintenance to prepare for data loss. \n\n\n\n\n\nFor more information, see Omron\u2019s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .\n\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0811",
"datePublished": "2023-03-16T17:41:25.525Z",
"dateReserved": "2023-02-13T15:41:55.590Z",
"dateUpdated": "2025-01-16T21:42:32.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0858 (GCVE-0-2023-0858)
Vulnerability from cvelistv5 – Published: 2023-05-11 00:00 – Updated: 2025-01-24 21:11
VLAI
Summary
Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canon Inc. | Canon Office/Small Office Multifunction Printers and Laser Printers |
Affected:
Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.canon-europe.com/support/product-security-latest-news/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.canon/advisory-information/cp2023-001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://canon.jp/support/support-info/230414vulnerability-response"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T21:10:59.406224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T21:11:04.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Canon Office/Small Office Multifunction Printers and Laser Printers",
"vendor": "Canon Inc.",
"versions": [
{
"status": "affected",
"version": "Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T00:00:00.000Z",
"orgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"shortName": "Canon"
},
"references": [
{
"url": "https://www.canon-europe.com/support/product-security-latest-news/"
},
{
"url": "https://psirt.canon/advisory-information/cp2023-001/"
},
{
"url": "https://canon.jp/support/support-info/230414vulnerability-response"
},
{
"url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"assignerShortName": "Canon",
"cveId": "CVE-2023-0858",
"datePublished": "2023-05-11T00:00:00.000Z",
"dateReserved": "2023-02-16T00:00:00.000Z",
"dateUpdated": "2025-01-24T21:11:04.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0916 (GCVE-0-2023-0916)
Vulnerability from cvelistv5 – Published: 2023-02-19 08:10 – Updated: 2024-08-02 05:24
VLAI
Title
SourceCodester Auto Dealer Management System Users.php access control
Summary
A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.221491 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.221491 | signaturepermissions-required |
| https://github.com/navaidzansari/CVE_Demo/blob/ma… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Auto Dealer Management System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.221491"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221491"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto Dealer Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "navaidansari (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491."
},
{
"lang": "de",
"value": "In SourceCodester Auto Dealer Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /adms/classes/Users.php. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:28:36.424Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.221491"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221491"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-19T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-23T09:50:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Auto Dealer Management System Users.php access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0916",
"datePublished": "2023-02-19T08:10:44.377Z",
"dateReserved": "2023-02-19T08:09:16.335Z",
"dateUpdated": "2024-08-02T05:24:34.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0963 (GCVE-0-2023-0963)
Vulnerability from cvelistv5 – Published: 2023-02-22 18:12 – Updated: 2024-11-25 15:30
VLAI
Title
SourceCodester Music Gallery Site POST Request Users.php access control
Summary
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
Severity
7.3 (High)
7.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.221633 | vdb-entry |
| https://vuldb.com/?ctiid.221633 | signaturepermissions-required |
| https://github.com/navaidzansari/CVE_Demo/blob/ma… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Music Gallery Site |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.221633"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221633"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0963",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T15:30:19.847890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T15:30:29.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "Music Gallery Site",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "navaidansari (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Music Gallery Site 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei Users.php der Komponente POST Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:43:19.556Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.221633"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221633"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-22T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-24T08:37:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Music Gallery Site POST Request Users.php access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0963",
"datePublished": "2023-02-22T18:12:53.599Z",
"dateReserved": "2023-02-22T18:08:12.918Z",
"dateUpdated": "2024-11-25T15:30:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0998 (GCVE-0-2023-0998)
Vulnerability from cvelistv5 – Published: 2023-02-24 07:32 – Updated: 2024-08-02 05:32
VLAI
Title
SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control
Summary
A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.
Severity
6.5 (Medium)
6.5 (Medium)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.221733 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.221733 | signaturepermissions-required |
| https://github.com/1MurasaKi/PaymentVul_report/bl… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Alphaware Simple E-Commerce System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.221733"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221733"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/1MurasaKi/PaymentVul_report/blob/main/razormist/Alphaware%20-%20Simple%20E-Commerce%20System/payment_vulnerability.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Payment Handler"
],
"product": "Alphaware Simple E-Commerce System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Murasaki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Alphaware Simple E-Commerce System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /alphaware/summary.php der Komponente Payment Handler. Mittels Manipulieren des Arguments amount mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:55:31.323Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.221733"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221733"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/1MurasaKi/PaymentVul_report/blob/main/razormist/Alphaware%20-%20Simple%20E-Commerce%20System/payment_vulnerability.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-24T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-24T19:00:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0998",
"datePublished": "2023-02-24T07:32:03.001Z",
"dateReserved": "2023-02-24T07:31:43.827Z",
"dateUpdated": "2024-08-02T05:32:46.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-19: Embedding Scripts within Scripts
An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts.
CAPEC-441: Malicious Logic Insertion
An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.
CAPEC-478: Modification of Windows Service Configuration
An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.
CAPEC-479: Malicious Root Certificate
An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.
CAPEC-502: Intent Spoof
An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent's action without verififcation, then the target application performs the functionality at the adversary's request, helping the adversary achieve the desired negative technical impact.
CAPEC-503: WebView Exposure
An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.
CAPEC-536: Data Injected During Configuration
An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.
CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.
CAPEC-550: Install New Service
When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-552: Install Rootkit
An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.
CAPEC-556: Replace File Extension Handlers
When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.
CAPEC-558: Replace Trusted Executable
An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.
CAPEC-562: Modify Shared File
An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.
CAPEC-563: Add Malicious File to Shared Webroot
An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.
CAPEC-564: Run Software at Logon
Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.
CAPEC-578: Disable Security Software
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.