CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CVE-2021-41995 (GCVE-0-2021-41995)
Vulnerability from cvelistv5 – Published: 2022-06-30 19:25 – Updated: 2024-08-04 03:22
| URL | Tags |
|---|---|
| https://www.pingidentity.com/en/resources/downloa… | x_refsource_MISC |
| https://docs.pingidentity.com/bundle/pingid/page/… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Ping Identity | PingID Mac Login | Affected: unspecified, < 1.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"macOS"
],
"product": "PingID Mac Login",
"vendor": "Ping Identity",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310 Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T19:25:23.000Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
}
],
"source": {
"advisory": "SECADV031",
"discovery": "EXTERNAL"
},
"title": "PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2021-41995",
"STATE": "PUBLIC",
"TITLE": "PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingID Mac Login",
"version": {
"version_data": [
{
"platform": "macOS",
"version_affected": "\u003c",
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
"refsource": "MISC",
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
},
{
"name": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html",
"refsource": "MISC",
"url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
}
]
},
"source": {
"advisory": "SECADV031",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2021-41995",
"datePublished": "2022-06-30T19:25:23.000Z",
"dateReserved": "2021-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:25.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4353 (GCVE-0-2021-4353)
Vulnerability from cvelistv5 – Published: 2023-10-20 06:35 – Updated: 2026-04-08 16:55
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version |
|---|---|---|
| RightPress | WooCommerce Dynamic Pricing and Discounts | Affected: 0, < 2.4.2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4353",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:15:54.725255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:16:07.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WooCommerce Dynamic Pricing and Discounts",
"vendor": "RightPress",
"versions": [
{
"lessThan": "2.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes it possible for unauthenticated attackers to export the plugin\u0027s settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:55:32.168Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve"
},
{
"url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-08-31T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WooCommerce Dynamic Pricing and Discounts \u003c= 2.4.1 - Unauthenticated Settings Import/Export"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4353",
"datePublished": "2023-10-20T06:35:25.115Z",
"dateReserved": "2023-06-06T12:46:11.570Z",
"dateUpdated": "2026-04-08T16:55:32.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4373 (GCVE-0-2021-4373)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:24
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version |
|---|---|---|
| ajay | Better Search – Relevant search results for WordPress | Affected: 0, < 2.5.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2473344"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-23T16:00:50.855142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T16:20:59.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Better Search \u2013 Relevant search results for WordPress",
"vendor": "ajay",
"versions": [
{
"lessThan": "2.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:42.876Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2473344"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-03-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Better Search \u003c= 2.5.2 - Cross-Site Request Forgery to Settings Import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4373",
"datePublished": "2023-06-07T01:51:43.709Z",
"dateReserved": "2023-06-06T13:18:29.478Z",
"dateUpdated": "2026-04-08T17:24:42.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-43935 (GCVE-0-2021-43935)
Vulnerability from cvelistv5 – Published: 2021-12-15 18:05 – Updated: 2024-09-16 23:11
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Hillrom | Welch Allyn Q-Stress Cardiac Stress Testing System | Affected: 6.0.0, ≤ 6.3.1 (custom) |
| Hillrom | Welch Allyn X-Scribe Cardiac Stress Testing System | Affected: 5.01, ≤ 6.3.1 (custom) |
| Hillrom | Welch Allyn Diagnostic Cardiology Suite | Affected: 2.1.0 |
| Hillrom | Welch Allyn Vision Express | Affected: 6.1.0, ≤ 6.4.0 (custom) |
| Hillrom | Welch Allyn H-Scribe Holter Analysis System | Affected: 5.01, ≤ 6.4.0 (custom) |
| Hillrom | Welch Allyn R-Scribe Resting ECG System | Affected: 5.01, ≤ 7.0.0 (custom) |
| Hillrom | Welch Allyn Connex Cardio | Affected: 1.0.0, ≤ 1.1.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Welch Allyn Q-Stress Cardiac Stress Testing System",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "6.3.1",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"product": "Welch Allyn X-Scribe Cardiac Stress Testing System",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "6.3.1",
"status": "affected",
"version": "5.01",
"versionType": "custom"
}
]
},
{
"product": "Welch Allyn Diagnostic Cardiology Suite",
"vendor": "Hillrom",
"versions": [
{
"status": "affected",
"version": "2.1.0"
}
]
},
{
"product": "Welch Allyn Vision Express",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "6.4.0",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"product": "Welch Allyn H-Scribe Holter Analysis System",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "6.4.0",
"status": "affected",
"version": "5.01",
"versionType": "custom"
}
]
},
{
"product": "Welch Allyn R-Scribe Resting ECG System",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "7.0.0",
"status": "affected",
"version": "5.01",
"versionType": "custom"
}
]
},
{
"product": "Welch Allyn Connex Cardio",
"vendor": "Hillrom",
"versions": [
{
"lessThanOrEqual": "1.1.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hillrom reported this vulnerability to CISA"
}
],
"datePublic": "2021-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T18:05:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products",
"workarounds": [
{
"lang": "en",
"value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-09T17:10:00.000Z",
"ID": "CVE-2021-43935",
"STATE": "PUBLIC",
"TITLE": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Welch Allyn Q-Stress Cardiac Stress Testing System",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.0.0",
"version_value": "6.3.1"
}
]
}
},
{
"product_name": "Welch Allyn X-Scribe Cardiac Stress Testing System",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.01",
"version_value": "6.3.1"
}
]
}
},
{
"product_name": "Welch Allyn Diagnostic Cardiology Suite",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
}
]
}
},
{
"product_name": "Welch Allyn Vision Express",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.1.0",
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "Welch Allyn H-Scribe Holter Analysis System",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.01",
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "Welch Allyn R-Scribe Resting ECG System",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.01",
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Welch Allyn Connex Cardio",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0.0",
"version_value": "1.1.1"
}
]
}
}
]
},
"vendor_name": "Hillrom"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hillrom reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43935",
"datePublished": "2021-12-15T18:05:16.799Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43985 (GCVE-0-2021-43985)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-09-16 17:14
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:40.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43985",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43985",
"datePublished": "2021-12-23T19:48:40.631Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:15.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0992 (GCVE-0-2022-0992)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:26 – Updated: 2026-04-08 16:59
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version |
|---|---|---|
| siteground | Security Optimizer – The All-In-One Protection Plugin | Affected: 0, ≤ 1.2.5 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2706302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:17:59.562151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:43:36.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Security Optimizer \u2013 The All-In-One Protection Plugin",
"vendor": "siteground",
"versions": [
{
"lessThanOrEqual": "1.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:59:40.026Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
},
{
"url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2706302"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-06T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "SiteGround Security \u003c= 1.2.5 - Authentication Bypass via 2FA Setup"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-0992",
"datePublished": "2022-04-19T20:26:33.000Z",
"dateReserved": "2022-03-16T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:59:40.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1067 (GCVE-0-2022-1067)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2025-04-16 16:31
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| LifePoint Informatics | Patient Portal | Affected: All, < LPI 3.5.12.P30 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:50.788273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:31:04.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Patient Portal",
"vendor": "LifePoint Informatics",
"versions": [
{
"lessThan": "LPI 3.5.12.P30",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew Perrong reported this vulnerability to CISA."
}
],
"datePublic": "2022-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:38:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
}
],
"source": {
"advisory": "ICSMA-22-095-01",
"discovery": "EXTERNAL"
},
"title": "ICSMA-22-095-01 LifePoint Informatics Patient Portal",
"workarounds": [
{
"lang": "en",
"value": "LifePoint Informatics released and deployed updated Version LPI 3.5.15 in February of 2022, which mitigated this vulnerability. LifePoint Informatics Patient Portal is a hosted application and users don\u2019t need to take any action."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-05T17:00:00.000Z",
"ID": "CVE-2022-1067",
"STATE": "PUBLIC",
"TITLE": "ICSMA-22-095-01 LifePoint Informatics Patient Portal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Patient Portal",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "LPI 3.5.12.P30"
}
]
}
}
]
},
"vendor_name": "LifePoint Informatics"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrew Perrong reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
}
]
},
"source": {
"advisory": "ICSMA-22-095-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "LifePoint Informatics released and deployed updated Version LPI 3.5.15 in February of 2022, which mitigated this vulnerability. LifePoint Informatics Patient Portal is a hosted application and users don\u2019t need to take any action."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1067",
"datePublished": "2022-04-11T19:38:15.631Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:31:04.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1681 (GCVE-0-2022-1681)
Vulnerability from cvelistv5 – Published: 2022-05-12 07:45 – Updated: 2024-08-03 00:10
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/591b11e1-7504-4a96-99c… | x_refsource_CONFIRM |
| https://github.com/requarks/wiki/commit/78d02dc8e… | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| requarks | requarks/wiki | Affected: unspecified, < 2.5.281 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "requarks/wiki",
"vendor": "requarks",
"versions": [
{
"lessThan": "2.5.281",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T07:45:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1681",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "requarks/wiki",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.5.281"
}
]
}
}
]
},
"vendor_name": "requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
"refsource": "MISC",
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
]
},
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1681",
"datePublished": "2022-05-12T07:45:14.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2031 (GCVE-0-2022-2031)
Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-03 00:24
| URL | Tags |
|---|---|
| https://www.samba.org/samba/security/CVE-2022-2031.html | |
| https://security.gentoo.org/glsa/202309-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2022-2031.html"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other\u0027s tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T08:06:21.529Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.samba.org/samba/security/CVE-2022-2031.html"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2031",
"datePublished": "2022-08-25T00:00:00.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22189 (GCVE-0-2022-22189)
Vulnerability from cvelistv5 – Published: 2022-04-14 15:50 – Updated: 2024-09-16 23:36
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA69498 | x_refsource_CONFIRM |
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Contrail Service Orchestration | Affected: 6.0.0, < 6.0.0 Patch v3 (custom) |
| Juniper Networks | Contrail Service Orchestration | Unaffected: unspecified, < 6.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"On-premises"
],
"product": "Contrail Service Orchestration",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "6.0.0 Patch v3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"product": "Contrail Service Orchestration",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "6.0.0",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:49.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69498"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: On-premises: Contrail Service Orchestration 6.0.0 Patch v3, 6.1.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69498",
"defect": [
"CXU-56990"
],
"discovery": "USER"
},
"title": "Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22189",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
{
"platform": "On-premises",
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.0 Patch v3"
},
{
"version_affected": "!\u003c",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-708: Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69498",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69498"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: On-premises: Contrail Service Orchestration 6.0.0 Patch v3, 6.1.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69498",
"defect": [
"CXU-56990"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22189",
"datePublished": "2022-04-14T15:50:49.176Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:36:26.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of an SPI programming device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within the Thunderbolt protocol, with 9 attack vectors as noted in the Execution Flow.