CWE-288

Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CVE-2024-13446 (GCVE-0-2024-13446)

Vulnerability from cvelistv5 – Published: 2025-03-12 09:22 – Updated: 2026-04-08 17:01
Title
Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover
Summary
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Impacted products
Vendor | Product | Version
AmentoTech | Workreap | Affected: 0, ≤ 3.2.5 (semver)
Credits
Tonn

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:19:41.932975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T14:20:41.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Workreap",
          "vendor": "AmentoTech",
          "versions": [
            {
              "lessThanOrEqual": "3.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user\u0027s identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user\u0027s password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:01:57.670Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78c1308b-0849-4235-b2d6-0b1750a5614f?source=cve"
        },
        {
          "url": "https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-21T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-03-11T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Workreap \u003c= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-13446",
    "datePublished": "2025-03-12T09:22:25.914Z",
    "dateReserved": "2025-01-15T22:03:36.460Z",
    "dateUpdated": "2026-04-08T17:01:57.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-13553 (GCVE-0-2024-13553)

Vulnerability from cvelistv5 – Published: 2025-04-01 11:12 – Updated: 2026-04-08 16:51
Title
SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation
Summary
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code "1234" and authenticate as any user, including administrators.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Credits
Lucio Sá

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13553",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T13:54:52.776625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T13:57:05.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SMS Alert \u2013 SMS \u0026 OTP for WooCommerce, Order Notifications \u0026 Abandoned Cart Recovery",
          "vendor": "cozyvision1",
          "versions": [
            {
              "lessThanOrEqual": "3.7.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucio S\u00e1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:51:42.148Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3248017%40sms-alert\u0026new=3248017%40sms-alert\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3227241%40sms-alert\u0026new=3227241%40sms-alert\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-31T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "SMS Alert Order Notifications \u2013 WooCommerce \u003c= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-13553",
    "datePublished": "2025-04-01T11:12:28.510Z",
    "dateReserved": "2025-01-20T20:38:30.320Z",
    "dateUpdated": "2026-04-08T16:51:42.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-13771 (GCVE-0-2024-13771)

Vulnerability from cvelistv5 – Published: 2025-03-14 11:15 – Updated: 2026-04-08 16:55
Title
Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update
Summary
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Credits
Lucio Sá

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13771",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T12:43:10.649851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T13:07:20.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Civi - Job Board \u0026 Freelance Marketplace WordPress Theme",
          "vendor": "uxper",
          "versions": [
            {
              "lessThanOrEqual": "2.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucio S\u00e1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Civi - Job Board \u0026 Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:55:12.686Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve"
        },
        {
          "url": "https://themeforest.net/item/civi-job-board-wordpress-theme/42770817"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Civi - Job Board \u0026 Freelance Marketplace WordPress Theme \u003c= 2.1.4 - Authentication Bypass via Password Update"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-13771",
    "datePublished": "2025-03-14T11:15:52.455Z",
    "dateReserved": "2025-01-28T16:45:03.935Z",
    "dateUpdated": "2026-04-08T16:55:12.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-13772 (GCVE-0-2024-13772)

Vulnerability from cvelistv5 – Published: 2025-03-14 11:15 – Updated: 2026-04-08 17:19
Title
Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass
Summary
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_register actions. This makes it possible for unauthenticated attackers to login as any user as long as they have access to the email.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Credits
Lucio Sá

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T12:34:51.682158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T12:35:33.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Civi - Job Board \u0026 Freelance Marketplace WordPress Theme",
          "vendor": "uxper",
          "versions": [
            {
              "lessThanOrEqual": "2.1.6.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucio S\u00e1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Civi - Job Board \u0026 Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_register actions. This makes it possible for unauthenticated attackers to login as any user as long as they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:19:21.991Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf04f458-7900-4dd3-84fb-169b74db97ab?source=cve"
        },
        {
          "url": "https://themeforest.net/item/civi-job-board-wordpress-theme/42770817#item-description__changelogs"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Civi - Job Board \u0026 Freelance Marketplace WordPress Theme \u003c= 2.1.6.1 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-13772",
    "datePublished": "2025-03-14T11:15:53.188Z",
    "dateReserved": "2025-01-28T17:18:28.551Z",
    "dateUpdated": "2026-04-08T17:19:21.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-1525 (GCVE-0-2024-1525)

Vulnerability from cvelistv5 – Published: 2024-02-21 23:30 – Updated: 2026-05-13 04:05
Title
Authentication Bypass Using an Alternate Path or Channel in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
References
URL | Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/438144 | issue-tracking, permissions-required
Impacted products
Vendor | Product | Version
GitLab | GitLab | Affected: 16.1, < 16.7.6 (semver); Affected: 16.8, < 16.8.3 (semver); Affected: 16.9, < 16.9.1 (semver)
CPE: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Credits
This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T16:29:18.467492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:54.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GitLab Issue #438144",
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "16.7.6",
              "status": "affected",
              "version": "16.1",
              "versionType": "semver"
            },
            {
              "lessThan": "16.8.3",
              "status": "affected",
              "version": "16.8",
              "versionType": "semver"
            },
            {
              "lessThan": "16.9.1",
              "status": "affected",
              "version": "16.9",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:05:29.703Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #438144",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."
        }
      ],
      "title": "Authentication Bypass Using an Alternate Path or Channel in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2024-1525",
    "datePublished": "2024-02-21T23:30:44.816Z",
    "dateReserved": "2024-02-15T07:03:33.019Z",
    "dateUpdated": "2026-05-13T04:05:29.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-1646 (GCVE-0-2024-1646)

Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 18:48
Title
Authentication Bypass in parisneo/lollms-webui
Summary
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Impacted products
Vendor | Product | Version
parisneo | parisneo/lollms-webui | Affected: unspecified, < 9.3 (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lollms-webui",
            "vendor": "parisneo",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1646",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:18:33.557762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:59:30.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:20.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms-webui",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThan": "9.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \u00270.0.0.0\u0027 to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/check_update\u0027, \u0027/start_recording\u0027, and \u0027/stop_recording\u0027. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-16T11:10:34.706Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
        },
        {
          "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
        }
      ],
      "source": {
        "advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in parisneo/lollms-webui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-1646",
    "datePublished": "2024-04-16T00:00:14.201Z",
    "dateReserved": "2024-02-19T21:27:04.120Z",
    "dateUpdated": "2024-08-01T18:48:20.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1709 (GCVE-0-2024-1709)

Vulnerability from cvelistv5 – Published: 2024-02-21 15:36 – Updated: 2025-10-21 23:05
Title
Authentication bypass using an alternate path or channel
Summary
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CWE
  • CWE-288 - Authentication bypass using an alternate path or channel
Assigner
Impacted products
Vendor Product Version
ConnectWise ScreenConnect Affected: 0 , ≤ 23.9.7 (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:connectwise:screenconnect:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "screenconnect",
            "vendor": "connectwise",
            "versions": [
              {
                "lessThanOrEqual": "23.9.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1709",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-24T05:00:21.568850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-02-22",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-02-22T00:00:00.000Z",
            "value": "CVE-2024-1709 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/18870"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ScreenConnect",
          "vendor": "ConnectWise",
          "versions": [
            {
              "changes": [
                {
                  "at": "23.9.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "23.9.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecritical systems.\u003c/span\u003e"
            }
          ],
          "value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication bypass using an alternate path or channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T18:25:45.687Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
        },
        {
          "url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
        },
        {
          "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
        },
        {
          "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
        },
        {
          "url": "https://github.com/rapid7/metasploit-framework/pull/18870"
        },
        {
          "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
        },
        {
          "url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
        },
        {
          "url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
        },
        {
          "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication bypass using an alternate path or channel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-1709",
    "datePublished": "2024-02-21T15:36:03.960Z",
    "dateReserved": "2024-02-21T15:05:07.113Z",
    "dateUpdated": "2025-10-21T23:05:24.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2012 (GCVE-0-2024-2012)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:16 – Updated: 2024-08-01 18:56
Summary
A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, an attacker could use to allow unintended commands or code to be executed on the UNEM server, allowing sensitive data to be read or modified, or could cause other unintended behavior.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
Affected: FOXMAN-UN R15B PC4 (custom)
Unaffected: FOXMAN-UN R15B PC5 (custom)
Affected: FOXMAN-UN R16A (custom)
Affected: FOXMAN-UN R15A (custom)
Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
Affected: UNEM R15B PC4 (custom)
Affected: UNEM R15B PC5 (custom)
Affected: UNEM R15A (custom)
Affected: UNEM R16A (custom)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r16a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r15a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r15a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r16a"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T15:24:47.544271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T16:07:08.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R16A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15A",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R16A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
            }
          ],
          "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T13:58:20.884Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2012",
    "datePublished": "2024-06-11T13:16:29.566Z",
    "dateReserved": "2024-02-29T13:42:06.985Z",
    "dateUpdated": "2024-08-01T18:56:22.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2013 (GCVE-0-2024-2013)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:14 – Updated: 2024-08-01 18:56
Summary
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
Affected: FOXMAN-UN R15B PC4 (custom)
Unaffected: FOXMAN-UN R15B PC5 (custom)
Affected: FOXMAN-UN R16A
Affected: FOXMAN-UN R15A
Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
Affected: UNEM R15B PC4 (custom)
Affected: UNEM R15B PC5 (custom)
Affected: UNEM R16B
Affected: UNEM R15A

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T18:16:13.737199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T18:16:25.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.747Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R16A"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15A"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R16B"
            },
            {
              "status": "affected",
              "version": "UNEM R15A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
            }
          ],
          "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T13:57:13.510Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2013",
    "datePublished": "2024-06-11T13:14:40.501Z",
    "dateReserved": "2024-02-29T13:42:08.147Z",
    "dateUpdated": "2024-08-01T18:56:22.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2055 (GCVE-0-2024-2055)

Vulnerability from cvelistv5 – Published: 2024-03-05 18:56 – Updated: 2025-02-13 17:32
Title
Artica Proxy Unauthenticated File Manager Vulnerability
Summary
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
AHA
Impacted products
Vendor Product Version
Artica Tech Artica Proxy Affected: 4.50
Affected: 4.40
Date Public
2024-03-05 18:00
Credits
Jim Becher of KoreLogic, Inc.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:38.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "artica_proxy",
            "vendor": "articatech",
            "versions": [
              {
                "status": "affected",
                "version": "4.50"
              },
              {
                "status": "affected",
                "version": "4.40"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2055",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T15:57:01.965216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T15:57:07.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Artica Proxy",
          "vendor": "Artica Tech",
          "versions": [
            {
              "status": "affected",
              "version": "4.50"
            },
            {
              "status": "affected",
              "version": "4.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jim Becher of KoreLogic, Inc."
        }
      ],
      "datePublic": "2024-03-05T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
            }
          ],
          "value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-05T19:00:12.694Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/13"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Artica Proxy Unauthenticated File Manager Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2024-2055",
    "datePublished": "2024-03-05T18:56:33.232Z",
    "dateReserved": "2024-03-01T02:03:10.598Z",
    "dateUpdated": "2025-02-13T17:32:34.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of an SPI programming device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within the Thunderbolt protocol, with 9 attack vectors as noted in the Execution Flow.
