CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CVE-2020-15188 (GCVE-0-2020-15188)
Vulnerability from cvelistv5 – Published: 2020-09-18 17:05 – Updated: 2024-08-04 13:08
VLAI
Title
Unauthenticated Remote Code Execution in SOY CMS
Summary
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
Severity
10 (Critical)
CWE
- CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/inunosinsi/soycms/security/adv… | x_refsource_CONFIRM |
| https://github.com/inunosinsi/soycms/issues/10 | x_refsource_MISC |
| https://github.com/inunosinsi/soycms/pull/12/comm… | x_refsource_MISC |
| https://www.youtube.com/watch?v=zAE4Swjc-GU&featu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| inunosinsi | soycms |
Affected:
< 3.0.2.328
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/inunosinsi/soycms/issues/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "soycms",
"vendor": "inunosinsi",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.2.328"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T17:05:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inunosinsi/soycms/issues/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
}
],
"source": {
"advisory": "GHSA-hrrx-m22r-p9jp",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Code Execution in SOY CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15188",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated Remote Code Execution in SOY CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "soycms",
"version": {
"version_data": [
{
"version_value": "\u003c 3.0.2.328"
}
]
}
}
]
},
"vendor_name": "inunosinsi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp",
"refsource": "CONFIRM",
"url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
},
{
"name": "https://github.com/inunosinsi/soycms/issues/10",
"refsource": "MISC",
"url": "https://github.com/inunosinsi/soycms/issues/10"
},
{
"name": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020",
"refsource": "MISC",
"url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
},
{
"name": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
}
]
},
"source": {
"advisory": "GHSA-hrrx-m22r-p9jp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15188",
"datePublished": "2020-09-18T17:05:18.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15244 (GCVE-0-2020-15244)
Vulnerability from cvelistv5 – Published: 2020-10-21 20:05 – Updated: 2024-08-04 13:08
VLAI
Title
RCE in Magento
Summary
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Severity
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenMage/magento-lts/security/… | x_refsource_CONFIRM |
| https://github.com/OpenMage/magento-lts/commit/26… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.8
Affected: >= 20.0.0, < 20.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:23.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.8"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T20:05:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
}
],
"source": {
"advisory": "GHSA-jrgf-vfw2-hj26",
"discovery": "UNKNOWN"
},
"title": "RCE in Magento",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15244",
"STATE": "PUBLIC",
"TITLE": "RCE in Magento"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.8"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.4"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
}
]
},
"source": {
"advisory": "GHSA-jrgf-vfw2-hj26",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15244",
"datePublished": "2020-10-21T20:05:20.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:23.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17405 (GCVE-0-2020-17405)
Vulnerability from cvelistv5 – Published: 2020-09-01 18:00 – Updated: 2024-08-04 13:53
VLAI
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980.
Severity
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symphony",
"vendor": "Senstar",
"versions": [
{
"status": "affected",
"version": "7.3.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joachim Kerschbaumer (@joachimk)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T18:00:16.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-17405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symphony",
"version": {
"version_data": [
{
"version_value": "7.3.2.2"
}
]
}
}
]
},
"vendor_name": "Senstar"
}
]
}
},
"credit": "Joachim Kerschbaumer (@joachimk)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-17405",
"datePublished": "2020-09-01T18:00:16.000Z",
"dateReserved": "2020-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:53:17.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17531 (GCVE-0-2020-17531)
Vulnerability from cvelistv5 – Published: 2020-12-08 00:00 – Updated: 2024-08-04 14:00
VLAI
Title
Deserialization flaw in EOL Tapestry 4.
Summary
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
Severity
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Affected:
Apache Tapestry 4 , ≤ 4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20201208 CVE-2020-17531: Deserialization flaw in EOL Tapestry 4.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4",
"status": "affected",
"version": "Apache Tapestry 4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Tapestry would like to thank Adrian Bravo (@adrianbravon) for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the \"sp\" parameter even before invoking the page\u0027s validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20201208 CVE-2020-17531: Deserialization flaw in EOL Tapestry 4.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deserialization flaw in EOL Tapestry 4.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17531",
"datePublished": "2020-12-08T00:00:00.000Z",
"dateReserved": "2020-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:00:48.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26207 (GCVE-0-2020-26207)
Vulnerability from cvelistv5 – Published: 2020-11-04 22:00 – Updated: 2024-08-04 15:49
VLAI
Title
Unsafe deserialization in DatabaseSchemaViewer
Summary
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.
Severity
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/martinjw/dbschemareader/securi… | x_refsource_CONFIRM |
| https://github.com/martinjw/dbschemareader/commit… | x_refsource_MISC |
| https://github.com/martinjw/dbschemareader/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| martinjw | dbschemareader |
Affected:
< 2.7.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dbschemareader",
"vendor": "martinjw",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-04T22:00:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3"
}
],
"source": {
"advisory": "GHSA-rfjh-m356-mpqf",
"discovery": "UNKNOWN"
},
"title": "Unsafe deserialization in DatabaseSchemaViewer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26207",
"STATE": "PUBLIC",
"TITLE": "Unsafe deserialization in DatabaseSchemaViewer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dbschemareader",
"version": {
"version_data": [
{
"version_value": "\u003c 2.7.4.3"
}
]
}
}
]
},
"vendor_name": "martinjw"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf",
"refsource": "CONFIRM",
"url": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf"
},
{
"name": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994",
"refsource": "MISC",
"url": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994"
},
{
"name": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3",
"refsource": "MISC",
"url": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3"
}
]
},
"source": {
"advisory": "GHSA-rfjh-m356-mpqf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26207",
"datePublished": "2020-11-04T22:00:17.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:07.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26867 (GCVE-0-2020-26867)
Vulnerability from cvelistv5 – Published: 2020-10-12 13:54 – Updated: 2024-09-16 22:16
VLAI
Title
ARC Informatique PcVue Deserialization of Untrusted Data
Summary
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
Severity
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03 | x_refsource_MISC |
| https://www.pcvuesolutions.com/security | x_refsource_CONFIRM |
| https://ics-cert.kaspersky.com/advisories/klcert-… | x_refsource_CONFIRM |
| https://www.pcvuesolutions.com/support/index.php/… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ARC Informatique | PcVue |
Affected:
unspecified , ≤ 12.0.17
(custom)
|
Date Public
2020-11-03 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcvuesolutions.com/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PcVue",
"vendor": "ARC Informatique",
"versions": [
{
"lessThanOrEqual": "12.0.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sergey Temnikov and Andrey Muravitsky of Kaspersky Lab reported these vulnerabilities to ARC Informatique."
}
],
"datePublic": "2020-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-11T15:15:36.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcvuesolutions.com/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
}
],
"solutions": [
{
"lang": "en",
"value": "ARC Informatique recommends upgrading PcVue to v12.0.17. Contact PcVue Support to receive instructions on downloading and installing the latest software version."
}
],
"source": {
"advisory": "ICSA-20-308-03",
"discovery": "UNKNOWN"
},
"title": "ARC Informatique PcVue Deserialization of Untrusted Data",
"workarounds": [
{
"lang": "en",
"value": "The following mitigations and workarounds have been identified by ARC Informatique to help reduce risk:\n\nUninstall the web and mobile backend. Users not using the affected components should uninstall them. If the components are not required, do not install them.\nChange default configuration if using components prior to v12.0. If taking advantage of the web and mobile back features with a product version up to v11.2, change the following configuration item manually to prevent remote code execution\nIn the file \u003cPcVue installation directory\u003e\\Bin\\PropertyServer.config\u003e, change the following element and set it to \u201cLow\u201d (defaults to \u201cFull\u201d):\n \u003cserverProviders\u003e\n \u003cformatter ref=\u201dbinary\u201d typeFilterLevel=\u201dLow\u201d /\u003e\n \u003c/serverProviders\u003e\n\n \nThis workaround cannot be applied to PcVue v12.0\nHarden firewall configuration by ensuring that incoming connections on the corresponding port are authorized only if initiated by the IIS Web Server process. The listening port is configurable (default 8090) and may have been changed on the system using the Application Explorer."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2020-11-03T00:00:00.000Z",
"ID": "CVE-2020-26867",
"STATE": "PUBLIC",
"TITLE": "ARC Informatique PcVue Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PcVue",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "12.0.17"
}
]
}
}
]
},
"vendor_name": "ARC Informatique"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sergey Temnikov and Andrey Muravitsky of Kaspersky Lab reported these vulnerabilities to ARC Informatique."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
},
{
"name": "https://www.pcvuesolutions.com/security",
"refsource": "CONFIRM",
"url": "https://www.pcvuesolutions.com/security"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/",
"refsource": "CONFIRM",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/"
},
{
"name": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1",
"refsource": "CONFIRM",
"url": "https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "ARC Informatique recommends upgrading PcVue to v12.0.17. Contact PcVue Support to receive instructions on downloading and installing the latest software version."
}
],
"source": {
"advisory": "ICSA-20-308-03",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "The following mitigations and workarounds have been identified by ARC Informatique to help reduce risk:\n\nUninstall the web and mobile backend. Users not using the affected components should uninstall them. If the components are not required, do not install them.\nChange default configuration if using components prior to v12.0. If taking advantage of the web and mobile back features with a product version up to v11.2, change the following configuration item manually to prevent remote code execution\nIn the file \u003cPcVue installation directory\u003e\\Bin\\PropertyServer.config\u003e, change the following element and set it to \u201cLow\u201d (defaults to \u201cFull\u201d):\n \u003cserverProviders\u003e\n \u003cformatter ref=\u201dbinary\u201d typeFilterLevel=\u201dLow\u201d /\u003e\n \u003c/serverProviders\u003e\n\n \nThis workaround cannot be applied to PcVue v12.0\nHarden firewall configuration by ensuring that incoming connections on the corresponding port are authorized only if initiated by the IIS Web Server process. The listening port is configurable (default 8090) and may have been changed on the system using the Application Explorer."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-26867",
"datePublished": "2020-10-12T13:54:47.081Z",
"dateReserved": "2020-10-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:16:02.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27868 (GCVE-0-2020-27868)
Vulnerability from cvelistv5 – Published: 2021-02-11 23:35 – Updated: 2024-08-04 16:25
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257.
Severity
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.qognify.com/support-training/software… | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1453/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qognify.com/support-training/software-downloads/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ocularis",
"vendor": "Qognify",
"versions": [
{
"status": "affected",
"version": "5.9.0.395"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joachim Kerschbaumer (@joachimk)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T13:59:23.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1453/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qognify.com/support-training/software-downloads/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ocularis",
"version": {
"version_data": [
{
"version_value": "5.9.0.395"
}
]
}
}
]
},
"vendor_name": "Qognify"
}
]
}
},
"credit": "Joachim Kerschbaumer (@joachimk)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects provided to the EventCoordinator endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-11257."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1453/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1453/"
},
{
"name": "https://www.qognify.com/support-training/software-downloads/",
"refsource": "MISC",
"url": "https://www.qognify.com/support-training/software-downloads/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27868",
"datePublished": "2021-02-11T23:35:41.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:25:43.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36718 (GCVE-0-2020-36718)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:12
VLAI
Title
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
Summary
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
Severity
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ninjateam | GDPR CCPA Compliance & Cookie Consent Banner |
Affected:
0 , ≤ 2.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T17:40:43.655866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:54:36.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GDPR CCPA Compliance \u0026 Cookie Consent Banner",
"vendor": "ninjateam",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:12:40.753Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-11-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "GDPR CCPA Compliance Support \u003c= 2.3 - PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36718",
"datePublished": "2023-06-07T01:51:35.736Z",
"dateReserved": "2023-06-06T13:04:55.503Z",
"dateUpdated": "2026-04-08T17:12:40.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36726 (GCVE-0-2020-36726)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:27
VLAI
Title
Ultimate Reviews < 2.1.33 - PHP Object Injection
Summary
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.
Severity
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rustaurius | Ultimate Reviews |
Affected:
0 , < 2.1.33
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2409141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T17:40:34.271067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:53:13.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Reviews",
"vendor": "rustaurius",
"versions": [
{
"lessThan": "2.1.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:32.795Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve"
},
{
"url": "https://blog.nintechnet.com/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2409141"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-11-10T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Ultimate Reviews \u003c 2.1.33 - PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36726",
"datePublished": "2023-06-07T01:51:46.527Z",
"dateReserved": "2023-06-06T13:21:47.283Z",
"dateUpdated": "2026-04-08T17:27:32.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36727 (GCVE-0-2020-36727)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:27
VLAI
Title
Newsletter Manager <= 1.5.1 - Insecure Deserialization
Summary
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.
Severity
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| f1logic | Newsletter Manager |
Affected:
0 , ≤ 1.5.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T17:40:31.895481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:53:07.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Newsletter Manager",
"vendor": "f1logic",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the \u0027customFieldsDetails\u0027 parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:54.731Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve"
},
{
"url": "https://blog.nintechnet.com/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched/"
},
{
"url": "https://wpscan.com/vulnerability/b82124b1-e5e1-4f1e-9513-90474fd3f066"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-12-29T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Newsletter Manager \u003c= 1.5.1 - Insecure Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36727",
"datePublished": "2023-06-07T01:51:47.021Z",
"dateReserved": "2023-06-06T13:21:59.609Z",
"dateUpdated": "2026-04-08T17:27:54.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
Phase: Implementation
Description:
- When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Phase: Implementation
Description:
- Explicitly define a final object() to prevent deserialization.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Phase: Implementation
Description:
- Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.