CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CVE-2024-35124 (GCVE-0-2024-35124)
Vulnerability from cvelistv5 – Published: 2024-08-13 11:14 – Updated: 2024-08-13 13:07
VLAI
Title
IBM OpenBMC authentication bypass
Summary
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
Severity
7.5 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7163195 | vendor-advisory |
| https://https://exchange.xforce.ibmcloud.com/vuln… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | OpenBMC |
Affected:
FW1050.00 , ≤ FW1050.10
(semver)
Affected: FW1030.00 , ≤ FW1030.50 (semver) Affected: FW1020.00 , ≤ FW1020.60 (semver) cpe:2.3:o:ibm:openbmc:FW1020.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:openbmc:FW1020.60:*:*:*:*:*:*:* cpe:2.3:o:ibm:openbmc:FW1030.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:openbmc:FW1030.50:*:*:*:*:*:*:* cpe:2.3:o:ibm:openbmc:FW1050.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:openbmc:FW1050.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:06:48.493514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:07:10.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:ibm:openbmc:FW1020.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:openbmc:FW1020.60:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:openbmc:FW1030.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:openbmc:FW1030.50:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:openbmc:FW1050.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:openbmc:FW1050.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenBMC",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "FW1050.10",
"status": "affected",
"version": "FW1050.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1030.50",
"status": "affected",
"version": "FW1030.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1020.60",
"status": "affected",
"version": "FW1020.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674."
}
],
"value": "A vulnerability in the combination of the OpenBMC\u0027s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T11:14:40.227Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7163195"
},
{
"tags": [
"vdb-entry"
],
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM OpenBMC authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35124",
"datePublished": "2024-08-13T11:14:40.227Z",
"dateReserved": "2024-05-09T16:27:14.739Z",
"dateUpdated": "2024-08-13T13:07:10.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35151 (GCVE-0-2024-35151)
Vulnerability from cvelistv5 – Published: 2024-08-22 10:12 – Updated: 2024-08-22 12:57
VLAI
Title
IBM OpenPages information disclosure
Summary
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
Severity
6.5 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7165959 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | OpenPages with Watson |
Affected:
8.3, 9.0
cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T12:57:23.184743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T12:57:30.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages with Watson",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3, 9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs."
}
],
"value": "IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T10:12:55.160Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7165959"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292638"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM OpenPages information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35151",
"datePublished": "2024-08-22T10:12:55.160Z",
"dateReserved": "2024-05-09T16:27:47.446Z",
"dateUpdated": "2024-08-22T12:57:30.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35214 (GCVE-0-2024-35214)
Vulnerability from cvelistv5 – Published: 2024-08-20 17:24 – Updated: 2024-09-29 05:02
VLAI
Title
Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows
Summary
A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BlackBerry | CylanceOPTICS for Windows |
Affected:
3.2 and 3.3
|
Date Public
2024-08-20 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:blackberry:cylanceoptics:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cylanceoptics",
"vendor": "blackberry",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T20:04:49.459656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:09:41.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-29T05:02:37.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Windows Installer Package"
],
"platforms": [
"Windows"
],
"product": "CylanceOPTICS for Windows",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "3.2 and 3.3"
}
]
}
],
"datePublic": "2024-08-20T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etampering\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability in the\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Cylance\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e"
}
],
"value": "A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T17:24:53.815Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"url": "https://support.blackberry.com/pkb/s/article/140080"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2024-35214",
"datePublished": "2024-08-20T17:24:53.815Z",
"dateReserved": "2024-05-13T21:20:04.327Z",
"dateUpdated": "2024-09-29T05:02:37.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37893 (GCVE-0-2024-37893)
Vulnerability from cvelistv5 – Published: 2024-06-17 19:39 – Updated: 2024-08-02 03:57
VLAI
Title
MFA bypass in oauth flow in Firefly III
Summary
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager.
Severity
5.9 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/firefly-iii/firefly-iii/securi… | x_refsource_CONFIRM |
| https://owasp.org/www-community/attacks/Password_… | x_refsource_MISC |
| https://www.menlosecurity.com/what-is/highly-evas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| firefly-iii | firefly-iii |
Affected:
< 6.1.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T19:20:53.573120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:21:00.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
},
{
"name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
},
{
"name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firefly-iii",
"vendor": "firefly-iii",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:39:32.438Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
},
{
"name": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
},
{
"name": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
}
],
"source": {
"advisory": "GHSA-4gm4-c4mh-4p7w",
"discovery": "UNKNOWN"
},
"title": "MFA bypass in oauth flow in Firefly III"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37893",
"datePublished": "2024-06-17T19:39:32.438Z",
"dateReserved": "2024-06-10T19:54:41.361Z",
"dateUpdated": "2024-08-02T03:57:39.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38279 (GCVE-0-2024-38279)
Vulnerability from cvelistv5 – Published: 2024-06-13 17:00 – Updated: 2024-08-02 04:04
VLAI
Title
Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Summary
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
Severity
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Motorola Solutions | Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
Affected:
0 , ≤ 3.1.171.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:motorolasolutions:vigilant_fixed_lpr_coms_box_bcav1f2_c600:3.1.171.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vigilant_fixed_lpr_coms_box_bcav1f2_c600",
"vendor": "motorolasolutions",
"versions": [
{
"lessThanOrEqual": "3.1.171.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T18:21:36.318296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T18:30:17.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"vendor": "Motorola Solutions",
"versions": [
{
"lessThanOrEqual": "3.1.171.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eThe affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T17:00:20.515Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cbr\u003e\n\n\u003cp\u003eMotorola Solutions recommends the following for each identified vulnerability:\u003c/p\u003e\u003cp\u003eCVE-2024-38279:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUse secure boot implementation with an edit-resistant GRUB partition.\u003c/li\u003e\u003cli\u003eAdditional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\u003cbr\u003ewill release a secure boot implementation in Fall 2024. All customers will receive the update\u003cbr\u003ethrough OTA (over the air) mechanisms. No further actions are required by customers.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\nCVE-2024-38279:\n\n * Use secure boot implementation with an edit-resistant GRUB partition.\n * Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\n\n\nEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\nwill release a secure boot implementation in Fall 2024. All customers will receive the update\nthrough OTA (over the air) mechanisms. No further actions are required by customers."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-38279",
"datePublished": "2024-06-13T17:00:20.515Z",
"dateReserved": "2024-06-12T16:16:09.648Z",
"dateUpdated": "2024-08-02T04:04:25.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38437 (GCVE-0-2024-38437)
Vulnerability from cvelistv5 – Published: 2024-07-21 07:17 – Updated: 2024-08-02 04:12
VLAI
Title
D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
Summary
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
Date Public
2024-07-18 07:05
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:34:54.288682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:35:11.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-225",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "version BZ_1.00.16",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hai Vaknin, Yehuda Smirnov"
}
],
"datePublic": "2024-07-18T07:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eD-Link \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-288:Authentication Bypass Using an Alternate Path or Channel\u003c/span\u003e\n\n\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\n\n\u003c/p\u003e\n\n\u003c/span\u003e"
}
],
"value": "D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-21T07:17:40.752Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product is EOL. The Vendor recommends these devices be retired and replaced.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product is EOL. The Vendor recommends these devices be retired and replaced."
}
],
"source": {
"advisory": "ILVN-2024-0175",
"discovery": "UNKNOWN"
},
"title": "D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-38437",
"datePublished": "2024-07-21T07:17:40.752Z",
"dateReserved": "2024-06-16T08:00:52.286Z",
"dateUpdated": "2024-08-02T04:12:24.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39309 (GCVE-0-2024-39309)
Vulnerability from cvelistv5 – Published: 2024-07-01 21:15 – Updated: 2024-08-02 04:19
VLAI
Title
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
Severity
9.8 (Critical)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/parse-community/parse-server/s… | x_refsource_CONFIRM |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| parse-community | parse-server |
Affected:
< 6.5.7
Affected: >= 7.0.0, < 7.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parse_community:parse_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "parse_server",
"vendor": "parse_community",
"versions": [
{
"status": "affected",
"version": "6.5.7"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:29:00.388525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:32:40.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9167",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/pull/9167"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9168",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/pull/9168"
},
{
"name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
},
{
"name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5.7"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T21:15:26.242Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9167",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/9167"
},
{
"name": "https://github.com/parse-community/parse-server/pull/9168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/9168"
},
{
"name": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3"
},
{
"name": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b"
}
],
"source": {
"advisory": "GHSA-c2hr-cqg6-8j6r",
"discovery": "UNKNOWN"
},
"title": "ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39309",
"datePublished": "2024-07-01T21:15:26.242Z",
"dateReserved": "2024-06-21T18:15:22.260Z",
"dateUpdated": "2024-08-02T04:19:20.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41173 (GCVE-0-2024-41173)
Vulnerability from cvelistv5 – Published: 2024-08-27 08:00 – Updated: 2024-08-27 13:07
VLAI
Title
Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD
Summary
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
Severity
7.8 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Beckhoff | IPC Diagnostics package |
Affected:
0 , < 2.0.0.1
(semver)
|
|
| Beckhoff | TwinCAT/BSD |
Affected:
0 , < 14.1.2.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "twincat\\/bsd",
"vendor": "beckhoff",
"versions": [
{
"lessThan": "2.0.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:beckhoff:twincat\\/bsd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "twincat\\/bsd",
"vendor": "beckhoff",
"versions": [
{
"lessThan": "14.1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:04:08.003597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:07:46.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC Diagnostics package",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "2.0.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TwinCAT/BSD",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "14.1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
}
],
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T08:00:47.054Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-045"
}
],
"source": {
"advisory": "VDE-2024-045",
"defect": [
"CERT@VDE#641666"
],
"discovery": "UNKNOWN"
},
"title": "Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41173",
"datePublished": "2024-08-27T08:00:47.054Z",
"dateReserved": "2024-07-17T13:42:44.525Z",
"dateUpdated": "2024-08-27T13:07:46.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4186 (GCVE-0-2024-4186)
Vulnerability from cvelistv5 – Published: 2024-05-07 05:32 – Updated: 2026-04-08 16:58
VLAI
Title
Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check
Summary
The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wisdmlabs | Edwiser Bridge – WordPress Moodle Integration |
Affected:
0 , ≤ 3.0.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T18:33:50.548528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:56.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Edwiser Bridge \u2013 WordPress Moodle Integration",
"vendor": "wisdmlabs",
"versions": [
{
"lessThanOrEqual": "3.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the \u0027eb_user_email_verification_key\u0027 default value is empty, and the not empty check is missing in the \u0027eb_user_email_verify\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the \u0027Email Verification\u0027 setting is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:38.790Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/edwiser-bridge/tags/3.0.4/includes/class-eb-user-manager.php#L1571"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3081961/edwiser-bridge#file1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-25T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-04-25T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-06T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Edwiser Bridge \u003c= 3.0.5 - Authentication Bypass due to Missing Empty Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4186",
"datePublished": "2024-05-07T05:32:58.532Z",
"dateReserved": "2024-04-25T14:30:11.072Z",
"dateUpdated": "2026-04-08T16:58:38.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42178 (GCVE-0-2024-42178)
Vulnerability from cvelistv5 – Published: 2025-04-17 21:24 – Updated: 2025-04-18 12:02
VLAI
Title
HCL MyXalytics is affected by a failure to restrict URL access vulnerability
Summary
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.
Severity
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL MyXalytics |
Affected:
6.3
|
Date Public
2025-04-17 21:20
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:46:26.272738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:02:16.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL MyXalytics",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2025-04-17T21:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.\u003cbr\u003e"
}
],
"value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T21:24:34.799Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120502"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-42178",
"datePublished": "2025-04-17T21:24:34.185Z",
"dateReserved": "2024-07-29T21:32:05.157Z",
"dateUpdated": "2025-04-18T12:02:16.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.