CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2021-32504 (GCVE-0-2021-32504)
Vulnerability from cvelistv5 – Published: 2022-07-19 14:11 – Updated: 2024-08-03 23:17
VLAI
Summary
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sick.com/psirt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.com/psirt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICK FTMg",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information\u2019s to launch further attacks on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T14:11:38.000Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.com/psirt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@sick.de",
"ID": "CVE-2021-32504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICK FTMg",
"version": {
"version_data": [
{
"version_value": "All versions before 2.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information\u2019s to launch further attacks on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sick.com/psirt",
"refsource": "MISC",
"url": "https://sick.com/psirt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2021-32504",
"datePublished": "2022-07-19T14:11:38.000Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32748 (GCVE-0-2021-32748)
Vulnerability from cvelistv5 – Published: 2021-07-27 21:10 – Updated: 2024-08-03 23:33
VLAI
Title
WOPI API not protected by credentials/IP check
Summary
Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/richdocuments/pull/1640 | x_refsource_MISC |
| https://hackerone.com/reports/1194606 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 3.8.3
Affected: >= 4.0.0, < 4.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/richdocuments/pull/1640"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1194606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.3"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI (\"Web Application Open Platform Interface\") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T21:10:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/richdocuments/pull/1640"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1194606"
}
],
"source": {
"advisory": "GHSA-24x8-h6m2-9jf2",
"discovery": "UNKNOWN"
},
"title": "WOPI API not protected by credentials/IP check",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32748",
"STATE": "PUBLIC",
"TITLE": "WOPI API not protected by credentials/IP check"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 3.8.3"
},
{
"version_value": "\u003e= 4.0.0, \u003c 4.2.0"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI (\"Web Application Open Platform Interface\") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2"
},
{
"name": "https://github.com/nextcloud/richdocuments/pull/1640",
"refsource": "MISC",
"url": "https://github.com/nextcloud/richdocuments/pull/1640"
},
{
"name": "https://hackerone.com/reports/1194606",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1194606"
}
]
},
"source": {
"advisory": "GHSA-24x8-h6m2-9jf2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32748",
"datePublished": "2021-07-27T21:10:12.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33704 (GCVE-0-2021-33704)
Vulnerability from cvelistv5 – Published: 2021-09-15 18:01 – Updated: 2024-08-03 23:58
VLAI
Summary
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.
Severity
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3078072 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Business One |
Affected:
< 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3078072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business One",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T18:01:56.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3078072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business One",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3078072",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3078072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33704",
"datePublished": "2021-09-15T18:01:56.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34629 (GCVE-0-2021-34629)
Vulnerability from cvelistv5 – Published: 2021-07-30 20:44 – Updated: 2024-09-16 19:24
VLAI
Title
SendGrid <= 1.11.8 – Authorization Bypass
Summary
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.wordfence.com/vulnerability-advisorie… | x_refsource_MISC |
Impacted products
Date Public
2021-07-21 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SendGrid",
"vendor": "SendGrid",
"versions": [
{
"lessThanOrEqual": "1.11.8",
"status": "affected",
"version": "1.11.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Prashant Baldha"
}
],
"datePublic": "2021-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T20:44:53.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629"
}
],
"solutions": [
{
"lang": "en",
"value": "Uninstall the plugin from WordPress site."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SendGrid \u003c= 1.11.8 \u2013 Authorization Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-07-21T15:18:00.000Z",
"ID": "CVE-2021-34629",
"STATE": "PUBLIC",
"TITLE": "SendGrid \u003c= 1.11.8 \u2013 Authorization Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SendGrid",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.11.8",
"version_value": "1.11.8"
}
]
}
}
]
},
"vendor_name": "SendGrid"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Prashant Baldha"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34629"
}
]
},
"solution": [
{
"lang": "en",
"value": "Uninstall the plugin from WordPress site."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34629",
"datePublished": "2021-07-30T20:44:48.031Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:24:25.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35001 (GCVE-0-2021-35001)
Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI
Title
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability
Summary
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.
The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.
Severity
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://community.bmc.com/s/article/Security-vuln… | vendor-advisory |
Date Public
2022-01-06 13:20
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bmc:track-it\\!:20.21.01.102:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "track-it\\!",
"vendor": "bmc",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:27:51.149823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:35.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:55.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-22-001",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Track-It!",
"vendor": "BMC",
"versions": [
{
"status": "affected",
"version": "20.21.01.102"
}
]
}
],
"dateAssigned": "2021-06-30T13:56:51.767Z",
"datePublic": "2022-01-06T13:20:36.842Z",
"descriptions": [
{
"lang": "en",
"value": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T22:54:53.388Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-22-001",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-001/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
],
"source": {
"lang": "en",
"value": "Brandin Perry"
},
"title": "BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-35001",
"datePublished": "2024-05-07T22:54:53.388Z",
"dateReserved": "2021-06-17T19:27:05.669Z",
"dateUpdated": "2024-08-04T00:26:55.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3653 (GCVE-0-2021-3653)
Vulnerability from cvelistv5 – Published: 2021-09-29 19:41 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1983686 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/165477/Kerne… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.14-rc7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-06T19:06:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.14-rc7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/08/16/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"name": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3653",
"datePublished": "2021-09-29T19:41:01.000Z",
"dateReserved": "2021-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:08.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3656 (GCVE-0-2021-3656)
Vulnerability from cvelistv5 – Published: 2022-03-04 18:41 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| https://git.kernel.org/pub/scm/virt/kvm/kvm.git/c… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/c7dfa400… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1983988 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KVM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed-In v5.14-rc7 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T18:41:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KVM",
"version": {
"version_data": [
{
"version_value": "Fixed-In v5.14-rc7 and above"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2021/08/16/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
},
{
"name": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"name": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3656",
"datePublished": "2022-03-04T18:41:26.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3814 (GCVE-0-2021-3814)
Vulnerability from cvelistv5 – Published: 2022-03-25 18:02 – Updated: 2024-08-03 17:09
VLAI
Summary
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2004322 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3scale",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3scale 2.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that 3scale\u0027s APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-25T18:02:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3scale",
"version": {
"version_data": [
{
"version_value": "3scale 2.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that 3scale\u0027s APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2004322",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3814",
"datePublished": "2022-03-25T18:02:50.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38164 (GCVE-0-2021-38164)
Vulnerability from cvelistv5 – Published: 2021-09-14 11:19 – Updated: 2024-08-04 01:37
VLAI
Summary
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
Severity
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3068582 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) |
Affected:
< SAP_APPL - 600
Affected: < 602 Affected: < 603 Affected: < 604 Affected: < 605 Affected: < 606 Affected: < 616 Affected: < SAP_FIN - 617 Affected: < 618 Affected: < 700 Affected: < 720 Affected: < 730 Affected: < SAPSCORE - 125 Affected: < S4CORE Affected: < 100 Affected: < 101 Affected: < 102 Affected: < 103 Affected: < 104 Affected: < 105 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP Financial Accounting (RFOPENPOSTING_FR)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c SAP_APPL - 600"
},
{
"status": "affected",
"version": "\u003c 602"
},
{
"status": "affected",
"version": "\u003c 603"
},
{
"status": "affected",
"version": "\u003c 604"
},
{
"status": "affected",
"version": "\u003c 605"
},
{
"status": "affected",
"version": "\u003c 606"
},
{
"status": "affected",
"version": "\u003c 616"
},
{
"status": "affected",
"version": "\u003c SAP_FIN - 617"
},
{
"status": "affected",
"version": "\u003c 618"
},
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 720"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c SAPSCORE - 125"
},
{
"status": "affected",
"version": "\u003c S4CORE"
},
{
"status": "affected",
"version": "\u003c 100"
},
{
"status": "affected",
"version": "\u003c 101"
},
{
"status": "affected",
"version": "\u003c 102"
},
{
"status": "affected",
"version": "\u003c 103"
},
{
"status": "affected",
"version": "\u003c 104"
},
{
"status": "affected",
"version": "\u003c 105"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T11:19:00.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP Financial Accounting (RFOPENPOSTING_FR)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "SAP_APPL - 600"
},
{
"version_name": "\u003c",
"version_value": "602"
},
{
"version_name": "\u003c",
"version_value": "603"
},
{
"version_name": "\u003c",
"version_value": "604"
},
{
"version_name": "\u003c",
"version_value": "605"
},
{
"version_name": "\u003c",
"version_value": "606"
},
{
"version_name": "\u003c",
"version_value": "616"
},
{
"version_name": "\u003c",
"version_value": "SAP_FIN - 617"
},
{
"version_name": "\u003c",
"version_value": "618"
},
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "720"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "SAPSCORE - 125"
},
{
"version_name": "\u003c",
"version_value": "S4CORE"
},
{
"version_name": "\u003c",
"version_value": "100"
},
{
"version_name": "\u003c",
"version_value": "101"
},
{
"version_name": "\u003c",
"version_value": "102"
},
{
"version_name": "\u003c",
"version_value": "103"
},
{
"version_name": "\u003c",
"version_value": "104"
},
{
"version_name": "\u003c",
"version_value": "105"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3068582",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38164",
"datePublished": "2021-09-14T11:19:00.000Z",
"dateReserved": "2021-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38431 (GCVE-0-2021-38431)
Vulnerability from cvelistv5 – Published: 2021-10-15 12:29 – Updated: 2024-09-16 18:28
VLAI
Title
Advantech WebAccess SCADA
Summary
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
Severity
4.3 (Medium)
CWE
- CWE-862 - MISSING AUTHORIZATION CWE-862
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Advantech | WebAccess SCADA |
Affected:
All , ≤ 9.0.3
(custom)
|
Date Public
2021-10-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebAccess SCADA",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "9.0.3",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Cheng from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported this vulnerability to CISA."
}
],
"datePublic": "2021-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "MISSING AUTHORIZATION CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-15T12:29:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Advantech recommends users upgrade to v9.1.1 or later."
}
],
"source": {
"advisory": "ICSA-21-285-01",
"discovery": "UNKNOWN"
},
"title": "Advantech WebAccess SCADA",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-12T17:13:00.000Z",
"ID": "CVE-2021-38431",
"STATE": "PUBLIC",
"TITLE": "Advantech WebAccess SCADA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebAccess SCADA",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Peter Cheng from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Advantech recommends users upgrade to v9.1.1 or later."
}
],
"source": {
"advisory": "ICSA-21-285-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38431",
"datePublished": "2021-10-15T12:29:48.409Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:28:58.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.