CWE-610

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

CVE-2023-37856 (GCVE-0-2023-37856)

Vulnerability from cvelistv5 – Published: 2023-08-09 06:36 – Updated: 2024-10-08 15:03
Title
PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
Summary
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read access to the device filesystem through a configuration dialog within the embedded Qt browser.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Date Public
2023-08-08 06:45
Credits
Gabriele Quagliarella from Nozomi Networks Labs

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:23:27.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-018/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37856",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T15:00:14.667489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T15:03:25.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP 6070-WVPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WP 6101-WXPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WP 6121-WXPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WP 6156-WHPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WP 6185-WHPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WP 6215-WHPS",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "4.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks Labs"
        }
      ],
      "datePublic": "2023-08-08T06:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T06:36:49.331Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-018/"
        }
      ],
      "source": {
        "advisory": "VDE-2023-018",
        "defect": [
          "CERT@VDE#64468"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-37856",
    "datePublished": "2023-08-09T06:36:49.331Z",
    "dateReserved": "2023-07-10T07:53:04.115Z",
    "dateUpdated": "2024-10-08T15:03:25.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38046 (GCVE-0-2023-38046)

Vulnerability from cvelistv5 – Published: 2023-07-12 16:20 – Updated: 2025-02-10 21:58
Title
PAN-OS: Read System Files and Resources During Configuration Commit
Summary
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
  • Vendor: Palo Alto Networks; Product: PAN-OS
      Affected: 11.0, < 11.0.1 (custom)
      Affected: 10.2, < 10.2.4 (custom)
      Unaffected: 10.1
      Unaffected: 10.0
      Unaffected: 9.1
      Unaffected: 9.0
      Unaffected: 8.1
  • Vendor: Palo Alto Networks; Product: Cloud NGFW
      Unaffected: All
  • Vendor: Palo Alto Networks; Product: Prisma Access
      Unaffected: All
Date Public
2023-07-12 16:00
Credits
Kajetan Rostojek

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:13.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-38046"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38046",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-16T04:00:13.237115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T21:58:15.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.1",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1"
            },
            {
              "status": "unaffected",
              "version": "10.0"
            },
            {
              "status": "unaffected",
              "version": "9.1"
            },
            {
              "status": "unaffected",
              "version": "9.0"
            },
            {
              "status": "unaffected",
              "version": "8.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kajetan Rostojek"
        }
      ],
      "datePublic": "2023-07-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system."
            }
          ],
          "value": "A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-09T05:21:39.901Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-38046"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n"
        }
      ],
      "source": {
        "defect": [
          "PAN-208922"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Read System Files and Resources During Configuration Commit",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue requires the attacker to have authenticated access to PAN-OS. You can mitigate the impact of this issue by following best practices for securing PAN-OS. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\"\u003ehttps://docs.paloaltonetworks.com/best-practices\u003c/a\u003e.\u003cbr\u003e"
            }
          ],
          "value": "This issue requires the attacker to have authenticated access to PAN-OS. You can mitigate the impact of this issue by following best practices for securing PAN-OS. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at  https://docs.paloaltonetworks.com/best-practices .\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-38046",
    "datePublished": "2023-07-12T16:20:06.175Z",
    "dateReserved": "2023-07-12T05:16:41.577Z",
    "dateUpdated": "2025-02-10T21:58:15.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4089 (GCVE-0-2023-4089)

Vulnerability from cvelistv5 – Published: 2023-10-17 06:00 – Updated: 2025-02-27 20:40
Title
WAGO: Multiple products vulnerable to local file inclusion
Summary
On affected Wago products, a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Credits
Floris Hendriks and Jeroen Wijenbergh from Radboud University

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:11.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:49:11.155380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:40:32.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact Controller CC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW19",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW18",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Advanced Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Marine Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Touch Panel 600 Standard Line",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "FW26",
              "status": "affected",
              "version": "FW16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Floris Hendriks and Jeroen Wijenbergh from Radboud University"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
            }
          ],
          "value": "On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-17T06:00:28.908Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-046/"
        }
      ],
      "source": {
        "advisory": "VDE-2023-046",
        "defect": [
          "CERT@VDE#64532"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WAGO: Multiple products vulnerable to local file inclusion",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-4089",
    "datePublished": "2023-10-17T06:00:28.908Z",
    "dateReserved": "2023-08-02T07:20:35.600Z",
    "dateUpdated": "2025-02-27T20:40:32.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44209 (GCVE-0-2023-44209)

Vulnerability from cvelistv5 – Published: 2023-10-04 19:44 – Updated: 2026-03-05 23:49
Summary
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29051, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
  • Vendor: Acronis; Product: Acronis Cyber Protect Cloud Agent
      Affected: unspecified, < 29051 (semver)
  • Vendor: Acronis; Product: Acronis Cyber Protect 17
      Affected: unspecified, < 41186 (semver)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SEC-2119",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/advisories/SEC-2119"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T15:31:06.328497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T15:31:13.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "macOS",
            "Windows"
          ],
          "product": "Acronis Cyber Protect Cloud Agent",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "29051",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "macOS",
            "Windows"
          ],
          "product": "Acronis Cyber Protect 17",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "41186",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 29051, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T23:49:38.183Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-2119",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-2119"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2023-44209",
    "datePublished": "2023-10-04T19:44:00.895Z",
    "dateReserved": "2023-09-26T20:08:46.834Z",
    "dateUpdated": "2026-03-05T23:49:38.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-13177 (GCVE-0-2024-13177)

Vulnerability from cvelistv5 – Published: 2025-04-15 15:21 – Updated: 2025-04-15 16:14
Title
Symlink Following in Netskope Client Postinstall Script
Summary
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
  • Vendor: Netskope; Product: Netskope Client
      Affected: 0, < 123.0 (custom)
      Affected: 0, < 117.1.11.2310 (custom)
      Affected: 0, < 120.1.10.2306 (custom)
Credits
Max Keasley

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T16:08:03.378825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T16:14:08.279Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Netskope Client",
          "vendor": "Netskope",
          "versions": [
            {
              "lessThan": "123.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "117.1.11.2310",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "120.1.10.2306",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Max Keasley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \u003cbr\u003e\u003cp\u003eThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.\u003c/p\u003e"
            }
          ],
          "value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T15:21:21.941Z",
        "orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
        "shortName": "Netskope"
      },
      "references": [
        {
          "url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade the Netskope Client to one of the following versions:\u003cbr\u003e\u003cul\u003e\u003cli\u003eR123 or above\u003c/li\u003e\u003cli\u003e120.1.10.2306\u003c/li\u003e\u003cli\u003e117.1.11.2310\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Upgrade the Netskope Client to one of the following versions:\n  *  R123 or above\n  *  120.1.10.2306\n  *  117.1.11.2310"
        }
      ],
      "source": {
        "advisory": "NSKPSA-2024-004",
        "discovery": "UNKNOWN"
      },
      "title": "Symlink Following in Netskope Client Postinstall Script",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
    "assignerShortName": "Netskope",
    "cveId": "CVE-2024-13177",
    "datePublished": "2025-04-15T15:21:21.941Z",
    "dateReserved": "2025-01-07T14:24:14.138Z",
    "dateUpdated": "2025-04-15T16:14:08.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23639 (GCVE-0-2024-23639)

Vulnerability from cvelistv5 – Published: 2024-02-09 00:15 – Updated: 2024-08-01 23:06
Title
micronaut-core management endpoints vulnerable to drive-by localhost attack
Summary
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-15 - External Control of System or Configuration Setting
  • CWE-664 - Improper Control of a Resource Through its Lifetime
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T15:05:36.495631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:04.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"
          },
          {
            "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "micronaut-core",
          "vendor": "micronaut-projects",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.8.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-15",
              "description": "CWE-15: External Control of System or Configuration Setting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-664",
              "description": "CWE-664: Improper Control of a Resource Through its Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T00:15:34.496Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"
        },
        {
          "name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"
        }
      ],
      "source": {
        "advisory": "GHSA-583g-g682-crxf",
        "discovery": "UNKNOWN"
      },
      "title": "micronaut-core  management endpoints vulnerable to drive-by localhost attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23639",
    "datePublished": "2024-02-09T00:15:34.496Z",
    "dateReserved": "2024-01-19T00:18:53.233Z",
    "dateUpdated": "2024-08-01T23:06:25.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24760 (GCVE-0-2024-24760)

Vulnerability from cvelistv5 – Published: 2024-02-02 15:28 – Updated: 2025-05-15 19:49
Title
Mailcow Docker Container Exposure to Local Network
Summary
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
Vendor Product Version
mailcow mailcow-dockerized Affected: < 2024-01c

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6"
          },
          {
            "name": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:46:19.747960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T19:49:55.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mailcow-dockerized",
          "vendor": "mailcow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2024-01c"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions \u003c 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-02T15:28:22.086Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6"
        },
        {
          "name": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88"
        }
      ],
      "source": {
        "advisory": "GHSA-gmpj-5xcm-xxx6",
        "discovery": "UNKNOWN"
      },
      "title": "Mailcow Docker Container Exposure to Local Network"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-24760",
    "datePublished": "2024-02-02T15:28:22.086Z",
    "dateReserved": "2024-01-29T20:51:26.010Z",
    "dateUpdated": "2025-05-15T19:49:55.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-24818 (GCVE-0-2024-24818)

Vulnerability from cvelistv5 – Published: 2024-02-29 15:17 – Updated: 2024-08-05 17:15
Title
EspoCRM weakness in "Forgot password"
Summary
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
Vendor Product Version
espocrm espocrm Affected: < 8.1.2
espocrm espocrm Affected: 0 , < 8.1.2 (custom)
    cpe:2.3:a:espocrm:espocrm:-:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j"
          },
          {
            "name": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:espocrm:espocrm:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "espocrm",
            "vendor": "espocrm",
            "versions": [
              {
                "lessThan": "8.1.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24818",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T17:13:07.854434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:15:03.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "espocrm",
          "vendor": "espocrm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in \"Password Change\" page and redirect victim to malicious page that could lead to  credential stealing or another attack. This vulnerability is fixed in 8.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-29T15:17:16.859Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j"
        },
        {
          "name": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7"
        }
      ],
      "source": {
        "advisory": "GHSA-8gv6-8r33-fm7j",
        "discovery": "UNKNOWN"
      },
      "title": "EspoCRM weakness in \"Forgot password\""
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-24818",
    "datePublished": "2024-02-29T15:17:16.859Z",
    "dateReserved": "2024-01-31T16:28:17.942Z",
    "dateUpdated": "2024-08-05T17:15:03.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28962 (GCVE-0-2024-28962)

Vulnerability from cvelistv5 – Published: 2024-08-06 03:59 – Updated: 2024-08-06 13:33
Summary
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
Vendor Product Version
Dell Dell Update (DU) Affected: N/A , < 5.4 (semver)
dell command_update Affected: 0 , < 5.4 (semver)
    cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*
dell update Affected: 0 , < 5.4 (semver)
    cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*
dell alienware_update Affected: 0 , < 5.4 (semver)
    cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*
Date Public
2024-08-05 06:30
Credits
Dell Technologies would like to thank Skyler Ferrante for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "command_update",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "5.4",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "update",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "5.4",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "alienware_update",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "5.4",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T13:18:26.953734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:00.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Update (DU)",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell Technologies would like to thank Skyler Ferrante for reporting this issue."
        }
      ],
      "datePublic": "2024-08-05T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
            }
          ],
          "value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T03:59:10.203Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-28962",
    "datePublished": "2024-08-06T03:59:10.203Z",
    "dateReserved": "2024-03-13T15:42:12.960Z",
    "dateUpdated": "2024-08-06T13:33:00.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29069 (GCVE-0-2024-29069)

Vulnerability from cvelistv5 – Published: 2024-07-25 19:39 – Updated: 2024-08-02 01:03
Title
snapd will follow archived symlinks when unpacking a filesystem
Summary
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files) are read directly by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in turn could allow an unprivileged user to gain access to privileged information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Impacted products
Vendor: Canonical
Product: snapd
Version: Affected: 0, < 2.62 (custom)
Date Public
2024-03-14 13:47
Credits
Zeyad Gouda

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T13:27:42.541639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T13:27:49.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/snapcore/snapd/pull/13682"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "squashfs"
          ],
          "packageName": "snapd",
          "platforms": [
            "Linux"
          ],
          "product": "snapd",
          "programFiles": [
            "snap/container.go",
            "snap/snapdir/snapdir.go",
            "snap/squashfs/squashfs.go"
          ],
          "repo": "https://github.com/snapcore/snapd/",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.62",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zeyad Gouda"
        }
      ],
      "datePublic": "2024-03-14T13:47:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In snapd versions prior to 2.62, snapd failed to properly check the\ndestination of symbolic links when extracting a snap. The snap format \nis a squashfs file-system image and so can contain symbolic links and\nother file types. Various file entries within the snap squashfs image\n(such as icons and desktop files etc) are directly read by snapd when\nit is extracted. An attacker who could convince a user to install a\nmalicious snap which contained symbolic links at these paths could then \ncause snapd to write out the contents of the symbolic link destination\ninto a world-readable directory. This in-turn could allow an unprivileged\nuser to gain access to privileged information."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-132",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-132 Symlink Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-25T19:39:41.050Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://github.com/snapcore/snapd/pull/13682"
        }
      ],
      "title": "snapd will follow archived symlinks when unpacking a filesystem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-29069",
    "datePublished": "2024-07-25T19:39:41.050Z",
    "dateReserved": "2024-03-14T23:09:12.771Z",
    "dateUpdated": "2024-08-02T01:03:51.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker, they could be used for a routing detour attack. From the compromised system, the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.
