CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CVE-2018-25145 (GCVE-0-2018-25145)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:25
VLAI
Title
Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download
Summary
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
Severity
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45036 | exploit |
| http://www.microhardcorp.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microhard Systems | Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download |
Affected:
IPn4G 1.1.0 build 1098
|
Date Public
2018-03-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25145",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:11:42.764489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:25:35.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download",
"vendor": "Microhard Systems",
"versions": [
{
"status": "affected",
"version": "IPn4G 1.1.0 build 1098"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including \u0027/www\u0027, \u0027/etc/m_cli/\u0027, and \u0027/tmp\u0027 to access system passwords and network settings."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:49.597Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45036",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45036"
},
{
"name": "Microhard Systems Product Web Page",
"tags": [
"product"
],
"url": "http://www.microhardcorp.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2018-5484)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php"
}
],
"title": "Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25145",
"datePublished": "2025-12-24T19:27:49.597Z",
"dateReserved": "2025-12-24T14:28:02.435Z",
"dateUpdated": "2025-12-24T20:25:35.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25164 (GCVE-0-2018-25164)
Vulnerability from cvelistv5 – Published: 2026-03-06 12:18 – Updated: 2026-03-09 19:07
VLAI
Title
EverSync 0.5 Arbitrary File Download via files Directory
Summary
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
Severity
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45868 | exploit |
| https://www.vulncheck.com/advisories/eversync-arb… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Phpmassmail | EverSync |
Affected:
0.5
|
Date Public
2018-11-14 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T19:07:01.160295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T19:07:09.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EverSync",
"vendor": "Phpmassmail",
"versions": [
{
"status": "affected",
"version": "0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-11-14T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T12:18:56.400Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45868",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45868"
},
{
"name": "VulnCheck Advisory: EverSync 0.5 Arbitrary File Download via files Directory",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/eversync-arbitrary-file-download-via-files-directory"
}
],
"title": "EverSync 0.5 Arbitrary File Download via files Directory",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25164",
"datePublished": "2026-03-06T12:18:56.400Z",
"dateReserved": "2026-03-06T11:23:17.807Z",
"dateUpdated": "2026-03-09T19:07:09.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-10930 (GCVE-0-2019-10930)
Vulnerability from cvelistv5 – Published: 2019-07-11 21:17 – Updated: 2024-08-04 22:40
VLAI
Summary
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules |
Affected:
All versions
|
|
| Siemens AG | DIGSI 5 engineering software |
Affected:
All versions < V7.90
|
|
| Siemens AG | SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules |
Affected:
All versions < V7.90
|
|
| Siemens AG | SIPROTEC 5 device types 7SS85 and 7KE85 |
Affected:
All versions < V8.01
|
|
| Siemens AG | SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "DIGSI 5 engineering software",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.90"
}
]
},
{
"product": "SIPROTEC 5 device types 7SS85 and 7KE85",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.01"
}
]
},
{
"product": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T16:13:01.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "DIGSI 5 engineering software",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.90"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types 7SS85 and 7KE85",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.01"
}
]
}
},
{
"product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10930",
"datePublished": "2019-07-11T21:17:47.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13941 (GCVE-0-2019-13941)
Vulnerability from cvelistv5 – Published: 2020-02-11 15:36 – Updated: 2024-08-05 00:05
VLAI
Summary
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://www.us-cert.gov/ics/advisories/icsa-20-042-09 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | OZW672 |
Affected:
All versions < V10.00
|
|
| Siemens AG | OZW772 |
Affected:
All versions < V10.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:43.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OZW672",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V10.00"
}
]
},
{
"product": "OZW772",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V10.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T19:16:14.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OZW672",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V10.00"
}
]
}
},
{
"product_name": "OZW772",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V10.00"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-13941",
"datePublished": "2020-02-11T15:36:10.000Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:43.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25239 (GCVE-0-2019-25239)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:23
VLAI
Title
V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
Summary
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
Severity
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47433 | exploit |
| https://www.vsolcn.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Guangzhou V-SOLUTION Electronic Technology | GPON/EPON OLT Platform |
Affected:
V2.03.62R_IPv6
Affected: V2.03.54R Affected: V2.03.52R Affected: V2.03.49 Affected: V2.03.47 Affected: V2.03.40 Affected: V2.03.26 Affected: V2.03.24 Affected: V1.8.6 Affected: V1.4 |
Date Public
2019-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25239",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:04:48.457067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:23:32.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47433"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GPON/EPON OLT Platform",
"vendor": "Guangzhou V-SOLUTION Electronic Technology",
"versions": [
{
"status": "affected",
"version": "V2.03.62R_IPv6"
},
{
"status": "affected",
"version": "V2.03.54R"
},
{
"status": "affected",
"version": "V2.03.52R"
},
{
"status": "affected",
"version": "V2.03.49"
},
{
"status": "affected",
"version": "V2.03.47"
},
{
"status": "affected",
"version": "V2.03.40"
},
{
"status": "affected",
"version": "V2.03.26"
},
{
"status": "affected",
"version": "V2.03.24"
},
{
"status": "affected",
"version": "V1.8.6"
},
{
"status": "affected",
"version": "V1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2019-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:57.201Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47433",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47433"
},
{
"name": "V-SOL Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.vsolcn.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2019-5534)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
}
],
"title": "V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25239",
"datePublished": "2025-12-24T19:27:57.201Z",
"dateReserved": "2025-12-24T14:27:12.476Z",
"dateUpdated": "2025-12-24T20:23:32.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25709 (GCVE-0-2019-25709)
Vulnerability from cvelistv5 – Published: 2026-04-12 12:28 – Updated: 2026-04-15 15:24
VLAI
Title
CF Image Hosting Script 1.6.5 Unauthorized Database Access
Summary
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
Severity
9.8 (Critical)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46094 | exploit |
| https://davidtavarez.github.io/ | product |
| http://forum.codefuture.co.uk/showthread.php?tid=73141 | product |
| https://www.vulncheck.com/advisories/cf-image-hos… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Davidtavarez | CF Image Hosting Script |
Affected:
1.6.5
|
Date Public
2019-01-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:24:21.758399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:24:31.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CF Image Hosting Script",
"vendor": "Davidtavarez",
"versions": [
{
"status": "affected",
"version": "1.6.5"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:scripteen:free_image_hosting_script:1.6.5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Tavarez"
}
],
"datePublic": "2019-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-12T12:28:54.207Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46094",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46094"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://davidtavarez.github.io/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://forum.codefuture.co.uk/showthread.php?tid=73141"
},
{
"name": "VulnCheck Advisory: CF Image Hosting Script 1.6.5 Unauthorized Database Access",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cf-image-hosting-script-unauthorized-database-access"
}
],
"title": "CF Image Hosting Script 1.6.5 Unauthorized Database Access",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25709",
"datePublished": "2026-04-12T12:28:54.207Z",
"dateReserved": "2026-04-12T12:14:33.041Z",
"dateUpdated": "2026-04-15T15:24:31.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3569 (GCVE-0-2019-3569)
Vulnerability from cvelistv5 – Published: 2019-06-26 15:09 – Updated: 2024-08-04 19:12
VLAI
Summary
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties (CWE-552)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/facebook/hhvm/commit/97ef580ec… | x_refsource_MISC |
| https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HHVM |
Affected:
4.8.1
Affected: 4.8.0 Affected: 4.7.1 Affected: 4.7.0 Affected: 4.6.1 Affected: 4.6.0 Affected: 4.5.1 Affected: 4.5.0 Affected: 4.4.1 Affected: 4.4.0 Affected: 4.3.1 Affected: 4.0.0 , < unspecified (custom) Affected: 3.30.6 Affected: unspecified , ≤ 3.30.5 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HHVM",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.0"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.30.6"
},
{
"lessThanOrEqual": "3.30.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible to External Parties (CWE-552)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T15:09:17.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-06-01",
"ID": "CVE-2019-3569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "4.8.1"
},
{
"version_affected": "=",
"version_value": "4.8.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.7.1"
},
{
"version_affected": "=",
"version_value": "4.7.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.6.1"
},
{
"version_affected": "=",
"version_value": "4.6.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.5.1"
},
{
"version_affected": "=",
"version_value": "4.5.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.4.1"
},
{
"version_affected": "=",
"version_value": "4.4.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.3.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "!=\u003e",
"version_value": "3.30.6"
},
{
"version_affected": "\u003c=",
"version_value": "3.30.5"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties (CWE-552)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed",
"refsource": "MISC",
"url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
},
{
"name": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html",
"refsource": "MISC",
"url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-3569",
"datePublished": "2019-06-26T15:09:17.000Z",
"dateReserved": "2019-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3622 (GCVE-0-2019-3622)
Vulnerability from cvelistv5 – Published: 2019-07-24 16:13 – Updated: 2024-08-04 19:12
VLAI
Title
DLP Endpoint log file redirection to arbitrary locations
Summary
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
Severity
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/109370 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee, LLC | Data Loss Prevention (DLPe) for Windows |
Affected:
11.x , < 11.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10290"
},
{
"name": "109370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Loss Prevention (DLPe) for Windows",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThan": "11.3.0",
"status": "affected",
"version": "11.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T17:06:07.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10290"
},
{
"name": "109370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109370"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLP Endpoint log file redirection to arbitrary locations",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3622",
"STATE": "PUBLIC",
"TITLE": "DLP Endpoint log file redirection to arbitrary locations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Loss Prevention (DLPe) for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "11.x",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10290",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10290"
},
{
"name": "109370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109370"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3622",
"datePublished": "2019-07-24T16:13:17.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3811 (GCVE-0-2019-3811)
Vulnerability from cvelistv5 – Published: 2019-01-15 15:00 – Updated: 2025-02-13 16:27
VLAI
Summary
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Severity
4.1 (Medium)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/106644 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2177 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2023… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The sssd Project | sssd |
Affected:
2.1
|
Date Public
2018-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
},
{
"name": "106644",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
},
{
"name": "openSUSE-SU-2019:0344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
},
{
"name": "openSUSE-SU-2019:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
},
{
"name": "RHSA-2019:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2177"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sssd",
"vendor": "The sssd Project",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return \u0027/\u0027 (the root directory) instead of \u0027\u0027 (the empty string / no home directory). This could impact services that restrict the user\u0027s filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-29T16:06:19.380Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
},
{
"name": "106644",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
},
{
"name": "openSUSE-SU-2019:0344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
},
{
"name": "openSUSE-SU-2019:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
},
{
"name": "RHSA-2019:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2177"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3811",
"datePublished": "2019-01-15T15:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:24.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3897 (GCVE-0-2019-3897)
Vulnerability from cvelistv5 – Published: 2021-03-16 21:02 – Updated: 2024-08-04 19:26
VLAI
Summary
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1593768 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | redhat-certification |
Affected:
As shipped with Red Hat Certification 6 and 7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:26.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redhat-certification",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "As shipped with Red Hat Certification 6 and 7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T21:02:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593768"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3897",
"datePublished": "2021-03-16T21:02:23.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:26.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.