CWE-942
Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
CVE-2023-38125 (GCVE-0-2023-38125)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 17:30
VLAI
Title
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability
Summary
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.
Severity
7.5 (High)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeAggregator |
Affected:
3.40
|
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeaggregator",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:26:57.744725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:05.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:25.020Z",
"datePublic": "2023-08-09T18:04:22.098Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:21.322Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38125",
"datePublished": "2024-05-03T01:59:21.322Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45213 (GCVE-0-2023-45213)
Vulnerability from cvelistv5 – Published: 2024-02-06 21:39 – Updated: 2025-05-15 19:43
VLAI
Title
Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
Summary
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
Severity
6.6 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Date Public
2024-01-23 21:36
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:20.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:08:08.241321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:43:25.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lynx",
"vendor": "Westermo",
"versions": [
{
"status": "affected",
"version": "L206-F2G1"
},
{
"status": "affected",
"version": "4.24"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aar\u00f3n Flecha Men\u00e9ndez, Iv\u00e1n Alonso \u00c1lvarez and V\u00edctor Bello Cuevas reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-01-23T21:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\n\n\n\n\nA potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T21:39:36.259Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWestermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nWestermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45213",
"datePublished": "2024-02-06T21:39:36.259Z",
"dateReserved": "2023-10-12T20:21:27.727Z",
"dateUpdated": "2025-05-15T19:43:25.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46098 (GCVE-0-2023-46098)
Vulnerability from cvelistv5 – Published: 2023-11-14 11:04 – Updated: 2025-01-08 16:35
VLAI
Summary
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC PCS neo |
Affected:
All versions < V4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:05:24.120438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:35:08.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS neo (All versions \u003c V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T11:04:20.174Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46098",
"datePublished": "2023-11-14T11:04:20.174Z",
"dateReserved": "2023-10-16T11:24:12.686Z",
"dateUpdated": "2025-01-08T16:35:08.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46281 (GCVE-0-2023-46281)
Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2025-01-14 10:29
VLAI
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Opcenter Execution Foundation |
Affected:
0 , < V2407
(custom)
|
|
| Siemens | Opcenter Quality |
Affected:
0 , < V2312
(custom)
|
|
| Siemens | SIMATIC PCS neo |
Affected:
0 , < V4.1
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < V2.0 SP1
(custom)
|
|
| Siemens | Totally Integrated Automation Portal (TIA Portal) V14 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Totally Integrated Automation Portal (TIA Portal) V15.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Totally Integrated Automation Portal (TIA Portal) V16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Totally Integrated Automation Portal (TIA Portal) V17 |
Affected:
0 , < V17 Update 8
(custom)
|
|
| Siemens | Totally Integrated Automation Portal (TIA Portal) V18 |
Affected:
0 , < V18 Update 3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:41:24.487753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:41:45.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:50.318Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46281",
"datePublished": "2023-12-12T11:27:11.796Z",
"dateReserved": "2023-10-20T10:29:46.259Z",
"dateUpdated": "2025-01-14T10:29:50.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50940 (GCVE-0-2023-50940)
Vulnerability from cvelistv5 – Published: 2024-02-02 01:05 – Updated: 2024-08-02 22:23
VLAI
Title
IBM PowerSC cross-resource origin sharing
Summary
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.
Severity
5.3 (Medium)
CWE
- CWE-942 - Overly Permissive Cross-domain Whitelist
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7113759 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "powersc",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T22:46:41.785316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T22:47:04.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:44.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7113759"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerSC",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.3, 2.0, 2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.\n\n"
}
],
"value": "IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T01:05:18.602Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7113759"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275130"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM PowerSC cross-resource origin sharing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-50940",
"datePublished": "2024-02-02T01:05:18.602Z",
"dateReserved": "2023-12-16T01:37:06.022Z",
"dateUpdated": "2024-08-02T22:23:44.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10315 (GCVE-0-2024-10315)
Vulnerability from cvelistv5 – Published: 2024-11-11 19:12 – Updated: 2024-11-18 21:28
VLAI
Title
Insecure Configuration in Gliffy Online
Summary
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gliffy | Gliffy Online |
Affected:
0.0.0 , < 4.14.0-6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:48:47.186557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:49:08.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gliffy Online",
"vendor": "Gliffy",
"versions": [
{
"lessThan": "4.14.0-6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGliffy\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Online an insecure configuration was discovered in versions before\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 4.14.0-6\u003c/span\u003e. Reported by Alpha Inferno PVT LTD.\u003cbr\u003e"
}
],
"value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T21:28:49.880Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Configuration in Gliffy Online",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-10315",
"datePublished": "2024-11-11T19:12:28.760Z",
"dateReserved": "2024-10-23T18:41:31.201Z",
"dateUpdated": "2024-11-18T21:28:49.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11071 (GCVE-0-2024-11071)
Vulnerability from cvelistv5 – Published: 2025-04-07 06:02 – Updated: 2025-04-15 00:53
VLAI
Title
Improper Access Control In DestinyECM
Summary
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cyberdigm.co.kr/destinyEcm |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cyberdigm | DestinyECM |
Affected:
5.24.10.* , < 5.24.10.2303
(custom)
Affected: 5.23.10.* , < 5.23.12.2450 (custom) Affected: 5.23.02.* , < 5.23.08.2451 (custom) Affected: 5.22.* , < 5.22.12.2446 (custom) Affected: 5.21.*, 5.20.*, 5.19.* , < 5.21.12.2303 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T19:34:56.246906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T19:35:11.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Local API Server"
],
"platforms": [
"Windows"
],
"product": "DestinyECM",
"vendor": "Cyberdigm",
"versions": [
{
"changes": [
{
"at": "5.24.12.2303",
"status": "unaffected"
}
],
"lessThan": "5.24.10.2303",
"status": "affected",
"version": "5.24.10.*",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.23.12.2450",
"status": "unaffected"
}
],
"lessThan": "5.23.12.2450",
"status": "affected",
"version": "5.23.10.*",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.23.08.2451",
"status": "unaffected"
}
],
"lessThan": "5.23.08.2451",
"status": "affected",
"version": "5.23.02.*",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.22.12.2446",
"status": "unaffected"
}
],
"lessThan": "5.22.12.2446",
"status": "affected",
"version": "5.22.*",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.21.12.2303",
"status": "unaffected"
}
],
"lessThan": "5.21.12.2303",
"status": "affected",
"version": "5.21.*, 5.20.*, 5.19.*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jskimpwn(\uae40\uc9c0\uc12d, Jisub Kim)"
},
{
"lang": "en",
"type": "finder",
"value": "arang(\uc720\uc7ac\uc6b1, Jaewook You)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by\u0026nbsp;Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.\u003cp\u003e* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.\u003c/p\u003e"
}
],
"value": "Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by\u00a0Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor."
}
],
"impacts": [
{
"capecId": "CAPEC-111",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T00:53:10.622Z",
"orgId": "09832df1-09c1-45b4-8a85-16c601d30feb",
"shortName": "FSI"
},
"references": [
{
"url": "https://cyberdigm.co.kr/destinyEcm"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Improper Access Control In DestinyECM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "09832df1-09c1-45b4-8a85-16c601d30feb",
"assignerShortName": "FSI",
"cveId": "CVE-2024-11071",
"datePublished": "2025-04-07T06:02:06.218Z",
"dateReserved": "2024-11-11T08:07:36.256Z",
"dateUpdated": "2025-04-15T00:53:10.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21382 (GCVE-0-2024-21382)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-05-29 15:17
VLAI
Title
Microsoft Edge for Android Information Disclosure Vulnerability
Summary
Microsoft Edge for Android Information Disclosure Vulnerability
Severity
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
Date Public
2024-01-25 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:52:49.584059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:17:41.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for Android Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:38.128Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382"
}
],
"title": "Microsoft Edge for Android Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21382",
"datePublished": "2024-01-26T00:29:14.790Z",
"dateReserved": "2023-12-08T22:45:20.452Z",
"dateUpdated": "2025-05-29T15:17:41.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22348 (GCVE-0-2024-22348)
Vulnerability from cvelistv5 – Published: 2025-01-20 17:40 – Updated: 2025-01-21 14:47
VLAI
Title
IBM UrbanCode Velocity cross-origin resource sharing
Summary
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
Severity
5.3 (Medium)
CWE
- CWE-942 - Overly Permissive Cross-domain Whitelist
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | UrbanCode Velocity |
Affected:
4.0.0 , ≤ 4.0.25
(semver)
cpe:2.3:a:ibm:urbancode_velocity:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_velocity:4.0.15:*:*:*:*:*:*:* |
|
| IBM | DevOps Velocity |
Affected:
5.0.0
cpe:2.3:a:ibm:devops_velocity:5.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:46:41.052225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:47:02.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_velocity:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_velocity:4.0.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Velocity",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.0.25",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_velocity:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DevOps Velocity",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.\u003c/span\u003e"
}
],
"value": "IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T17:40:31.965Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7172750"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Velocity cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22348",
"datePublished": "2025-01-20T17:40:31.965Z",
"dateReserved": "2024-01-08T23:42:25.451Z",
"dateUpdated": "2025-01-21T14:47:02.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23823 (GCVE-0-2024-23823)
Vulnerability from cvelistv5 – Published: 2024-03-14 18:47 – Updated: 2024-08-01 23:13
VLAI
Title
CORS settings overly permissive in vantage6
Summary
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.
Severity
4.2 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vantage6/vantage6/security/adv… | x_refsource_CONFIRM |
| https://github.com/vantage6/vantage6/commit/70bb4… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:18:24.767888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:18:35.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh"
},
{
"name": "https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vantage6",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T18:47:50.328Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh"
},
{
"name": "https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41"
}
],
"source": {
"advisory": "GHSA-4946-85pr-fvxh",
"discovery": "UNKNOWN"
},
"title": "CORS settings overly permissive in vantage6"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23823",
"datePublished": "2024-03-14T18:47:50.328Z",
"dateReserved": "2024-01-22T22:23:54.338Z",
"dateUpdated": "2024-08-01T23:13:08.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Phases: Architecture and Design, Operation
Strategy: Attack Surface Reduction
Description:
- Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.