CWE-799
Improper Control of Interaction Frequency
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
CVE-2016-6543 (GCVE-0-2016-6543)
Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
Severity ?
No CVSS data available.
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#974055",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/974055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "93875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easy",
"vendor": "iTrack",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"datePublic": "2016-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#974055",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/974055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "93875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93875"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6543",
"STATE": "PUBLIC",
"TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "93875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93875"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6543",
"datePublished": "2018-07-13T20:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:36:27.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5141 (GCVE-0-2020-5141)
Vulnerability from cvelistv5 – Published: 2020-10-12 10:40 – Updated: 2024-08-04 08:22
VLAI?
Summary
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Severity ?
No CVSS data available.
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SonicWall | SonicOS |
Affected:
SonicOS 6.5.4.7-79n and earlier
Affected: SonicOS 5.9.1.7-2n and earlier Affected: SonicOS 5.9.1.13-5n and earlier Affected: SonicOS 6.5.1.11-4n and earlier Affected: SonicOS 6.0.5.3-93o and earlier Affected: SonicOSv 6.5.4.4-44v-21-794 and earlier Affected: SonicOS 7.0.0.0-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SonicOS 6.5.4.7-79n and earlier"
},
{
"status": "affected",
"version": "SonicOS 5.9.1.7-2n and earlier"
},
{
"status": "affected",
"version": "SonicOS 5.9.1.13-5n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.5.1.11-4n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.0.5.3-93o and earlier"
},
{
"status": "affected",
"version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"status": "affected",
"version": "SonicOS 7.0.0.0-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T10:40:31",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2020-5141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "SonicOS 6.5.4.7-79n and earlier"
},
{
"version_value": "SonicOS 5.9.1.7-2n and earlier"
},
{
"version_value": "SonicOS 5.9.1.13-5n and earlier"
},
{
"version_value": "SonicOS 6.5.1.11-4n and earlier"
},
{
"version_value": "SonicOS 6.0.5.3-93o and earlier"
},
{
"version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"version_value": "SonicOS 7.0.0.0-1"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2020-5141",
"datePublished": "2020-10-12T10:40:31",
"dateReserved": "2019-12-31T00:00:00",
"dateUpdated": "2024-08-04T08:22:08.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32678 (GCVE-0-2021-32678)
Vulnerability from cvelistv5 – Published: 2021-07-12 12:25 – Updated: 2024-08-03 23:25
VLAI?
Summary
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.
Severity ?
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 19.0.13
Affected: >= 20.0.0, < 20.0.11 Affected: >= 21.0.0, < 21.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/27329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1214158"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.13"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:11:28",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/27329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1214158"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-48rx-3gmf-g74j",
"discovery": "UNKNOWN"
},
"title": "Ratelimit not applied on OCS API responses",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32678",
"STATE": "PUBLIC",
"TITLE": "Ratelimit not applied on OCS API responses"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.13"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j"
},
{
"name": "https://github.com/nextcloud/server/pull/27329",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/27329"
},
{
"name": "https://hackerone.com/reports/1214158",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1214158"
},
{
"name": "FEDORA-2021-9b421b78af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-48rx-3gmf-g74j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32678",
"datePublished": "2021-07-12T12:25:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32703 (GCVE-0-2021-32703)
Vulnerability from cvelistv5 – Published: 2021-07-12 15:25 – Updated: 2024-08-03 23:25
VLAI?
Summary
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Severity ?
5.3 (Medium)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 19.0.13
Affected: >= 20.0.0, < 20.0.11 Affected: >= 21.0.0, < 21.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/26945"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1173684"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.13"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:10:29",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/26945"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1173684"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-375p-cxxq-gc9p",
"discovery": "UNKNOWN"
},
"title": "Lack of ratelimit on shareinfo endpoint",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32703",
"STATE": "PUBLIC",
"TITLE": "Lack of ratelimit on shareinfo endpoint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.13"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p"
},
{
"name": "https://github.com/nextcloud/server/pull/26945",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/26945"
},
{
"name": "https://hackerone.com/reports/1173684",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1173684"
},
{
"name": "FEDORA-2021-9b421b78af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-375p-cxxq-gc9p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32703",
"datePublished": "2021-07-12T15:25:12",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32705 (GCVE-0-2021-32705)
Vulnerability from cvelistv5 – Published: 2021-07-12 15:30 – Updated: 2024-08-03 23:25
VLAI?
Summary
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Severity ?
5.3 (Medium)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 19.0.13
Affected: >= 20.0.0, < 20.0.11 Affected: >= 21.0.0, < 21.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/27610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1192159"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.13"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:09:24",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/27610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1192159"
},
{
"name": "FEDORA-2021-9b421b78af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-fjv7-283f-5m54",
"discovery": "UNKNOWN"
},
"title": "Lack of ratelimit on public DAV endpoint",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32705",
"STATE": "PUBLIC",
"TITLE": "Lack of ratelimit on public DAV endpoint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.13"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54"
},
{
"name": "https://github.com/nextcloud/server/pull/27610",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/27610"
},
{
"name": "https://hackerone.com/reports/1192159",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1192159"
},
{
"name": "FEDORA-2021-9b421b78af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/"
},
{
"name": "FEDORA-2021-6f327296fe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-fjv7-283f-5m54",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32705",
"datePublished": "2021-07-12T15:30:14",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32741 (GCVE-0-2021-32741)
Vulnerability from cvelistv5 – Published: 2021-07-12 22:05 – Updated: 2024-08-03 23:33
VLAI?
Summary
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Severity ?
5.3 (Medium)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 19.0.13
Affected: >= 20.0.0, < 20.0.11 Affected: >= 21.0.0, < 21.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/26958"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1192144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.13"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T22:05:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/26958"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1192144"
}
],
"source": {
"advisory": "GHSA-crvj-vmf7-xrvr",
"discovery": "UNKNOWN"
},
"title": "Lack of ratelimit on public share link mount endpoint",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32741",
"STATE": "PUBLIC",
"TITLE": "Lack of ratelimit on public share link mount endpoint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.13"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr"
},
{
"name": "https://github.com/nextcloud/server/pull/26958",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/26958"
},
{
"name": "https://hackerone.com/reports/1192144",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1192144"
}
]
},
"source": {
"advisory": "GHSA-crvj-vmf7-xrvr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32741",
"datePublished": "2021-07-12T22:05:12",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37191 (GCVE-0-2021-37191)
Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2025-04-23 19:28
VLAI?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.
Severity ?
4.3 (Medium)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SINEMA Remote Connect Server |
Affected:
All versions < V3.0 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:22:09.320973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:28:04.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:50.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEMA Remote Connect Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0 SP2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37191",
"datePublished": "2021-09-14T10:47:50.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:28:04.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37910 (GCVE-0-2021-37910)
Vulnerability from cvelistv5 – Published: 2021-11-12 01:40 – Updated: 2024-09-16 19:05
VLAI?
Summary
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
Severity ?
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS | GT-AXE11000 |
Affected:
unspecified , < 3.0.0.4.386.45898
(custom)
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GT-AXE11000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386.45898",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "RT-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386.45898",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "RT-AX55",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386.45898",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386.45898",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TUF-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386.45898",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users\u0027 connections by sending specially crafted SAE authentication frames."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T01:40:13",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Routes firmware to last version:\nASUS GT-AXE11000 v3.0.0.4.386.45898\nASUS RT-AX3000 v3.0.0.4.386.45898\nASUS RT-AX55 v3.0.0.4.386.45898\nASUS RT-AX58U v3.0.0.4.386.45898\nASUS TUF-AX3000 v3.0.0.4.386.45898"
}
],
"source": {
"advisory": "TVN-202109034",
"discovery": "EXTERNAL"
},
"title": "ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-12T07:06:00.000Z",
"ID": "CVE-2021-37910",
"STATE": "PUBLIC",
"TITLE": "ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GT-AXE11000",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.0.4.386.45898"
}
]
}
},
{
"product_name": "RT-AX3000",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.0.4.386.45898"
}
]
}
},
{
"product_name": "RT-AX55",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.0.4.386.45898"
}
]
}
},
{
"product_name": "RT-AX58U",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.0.4.386.45898"
}
]
}
},
{
"product_name": "TUF-AX3000",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.0.4.386.45898"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users\u0027 connections by sending specially crafted SAE authentication frames."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799 Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Routes firmware to last version:\nASUS GT-AXE11000 v3.0.0.4.386.45898\nASUS RT-AX3000 v3.0.0.4.386.45898\nASUS RT-AX55 v3.0.0.4.386.45898\nASUS RT-AX58U v3.0.0.4.386.45898\nASUS TUF-AX3000 v3.0.0.4.386.45898"
}
],
"source": {
"advisory": "TVN-202109034",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37910",
"datePublished": "2021-11-12T01:40:13.569980Z",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2024-09-16T19:05:28.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41177 (GCVE-0-2021-41177)
Vulnerability from cvelistv5 – Published: 2021-10-25 21:50 – Updated: 2024-08-04 02:59
VLAI?
Summary
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.
Severity ?
8.1 (High)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 20.0.13
Affected: >= 21.0.0, < 21.0.5 Affected: < 22.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fj39-4qx4-m3f2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/28728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1265709"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 20.0.13"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.5"
},
{
"status": "affected",
"version": "\u003c 22.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799: Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:08:05",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fj39-4qx4-m3f2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/28728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1265709"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-fj39-4qx4-m3f2",
"discovery": "UNKNOWN"
},
"title": "Rate-limits not working on instances without configured memory cache backend",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41177",
"STATE": "PUBLIC",
"TITLE": "Rate-limits not working on instances without configured memory cache backend"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 20.0.13"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.5"
},
{
"version_value": "\u003c 22.2.0"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fj39-4qx4-m3f2",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fj39-4qx4-m3f2"
},
{
"name": "https://github.com/nextcloud/server/pull/28728",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/28728"
},
{
"name": "https://hackerone.com/reports/1265709",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1265709"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-fj39-4qx4-m3f2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41177",
"datePublished": "2021-10-25T21:50:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27279 (GCVE-0-2023-27279)
Vulnerability from cvelistv5 – Published: 2024-04-19 16:39 – Updated: 2024-08-02 12:09
VLAI?
Summary
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
Severity ?
6.5 (Medium)
CWE
- CWE-799 - Improper Control of Interaction Frequency
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Aspera Faspex |
Affected:
5.0.0 , ≤ 5.0.7
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aspera_faspex",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T19:24:59.103878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:46.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:41.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148632"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aspera Faspex",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.0.7",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533."
}
],
"value": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "CWE-799 Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T16:39:27.659Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148632"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Faspex denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-27279",
"datePublished": "2024-04-19T16:39:27.659Z",
"dateReserved": "2023-02-27T17:47:15.100Z",
"dateUpdated": "2024-08-02T12:09:41.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.