Search criteria
6 vulnerabilities found for Integria IMS by Ártica
CVE-2021-3834 (GCVE-0-2021-3834)
Vulnerability from cvelistv5 – Published: 2021-10-07 15:14 – Updated: 2024-09-16 17:37
VLAI?
Title
Integria IMS vulnerable to Cross Site Scripting (XSS)
Summary
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @_Barriuso (special mention to @nag0mez ).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Discovered by @_Barriuso (special mention to @nag0mez )."
}
],
"datePublic": "2021-10-05T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
],
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T13:51:58.328Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been solved in Integria IMS 5.0 93."
}
],
"value": "This vulnerability has been solved in Integria IMS 5.0 93."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3834",
"STATE": "PUBLIC",
"TITLE": "Integria IMS vulnerable to Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @_Barriuso (special mention to @nag0mez )."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
},
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3834",
"datePublished": "2021-10-07T15:14:35.381205Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-16T17:37:38.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3833 (GCVE-0-2021-3833)
Vulnerability from cvelistv5 – Published: 2021-10-07 15:10 – Updated: 2024-09-16 23:46
VLAI?
Title
Integria IMS incorrect authorization
Summary
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
Severity ?
9.8 (Critical)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @nag0mez (special mention to @_Barriuso).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"datePublic": "2021-10-05T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIntegria IMS login check uses a loose comparator (\u0026quot;==\u0026quot;) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\u003c/p\u003e"
}
],
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T13:46:15.846Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability has been solved in Integria IMS 5.0 93\u003c/p\u003e"
}
],
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS incorrect authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3833",
"STATE": "PUBLIC",
"TITLE": "Integria IMS incorrect authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
},
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3833",
"datePublished": "2021-10-07T15:10:07.808309Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-16T23:46:25.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3832 (GCVE-0-2021-3832)
Vulnerability from cvelistv5 – Published: 2021-10-07 13:33 – Updated: 2024-09-17 02:36
VLAI?
Title
Integria IMS Remote Code Execution
Summary
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @nag0mez (special mention to @_Barriuso).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T13:33:19",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3832",
"STATE": "PUBLIC",
"TITLE": "Integria IMS Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3832",
"datePublished": "2021-10-07T13:33:19.417218Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-17T02:36:13.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3834 (GCVE-0-2021-3834)
Vulnerability from nvd – Published: 2021-10-07 15:14 – Updated: 2024-09-16 17:37
VLAI?
Title
Integria IMS vulnerable to Cross Site Scripting (XSS)
Summary
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @_Barriuso (special mention to @nag0mez ).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Discovered by @_Barriuso (special mention to @nag0mez )."
}
],
"datePublic": "2021-10-05T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
],
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T13:51:58.328Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been solved in Integria IMS 5.0 93."
}
],
"value": "This vulnerability has been solved in Integria IMS 5.0 93."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3834",
"STATE": "PUBLIC",
"TITLE": "Integria IMS vulnerable to Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @_Barriuso (special mention to @nag0mez )."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
},
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3834",
"datePublished": "2021-10-07T15:14:35.381205Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-16T17:37:38.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3833 (GCVE-0-2021-3833)
Vulnerability from nvd – Published: 2021-10-07 15:10 – Updated: 2024-09-16 23:46
VLAI?
Title
Integria IMS incorrect authorization
Summary
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
Severity ?
9.8 (Critical)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @nag0mez (special mention to @_Barriuso).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"datePublic": "2021-10-05T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIntegria IMS login check uses a loose comparator (\u0026quot;==\u0026quot;) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\u003c/p\u003e"
}
],
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T13:46:15.846Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability has been solved in Integria IMS 5.0 93\u003c/p\u003e"
}
],
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS incorrect authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3833",
"STATE": "PUBLIC",
"TITLE": "Integria IMS incorrect authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
},
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3833",
"datePublished": "2021-10-07T15:10:07.808309Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-16T23:46:25.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3832 (GCVE-0-2021-3832)
Vulnerability from nvd – Published: 2021-10-07 13:33 – Updated: 2024-09-17 02:36
VLAI?
Title
Integria IMS Remote Code Execution
Summary
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ártica | Integria IMS |
Affected:
5.0.92
|
Credits
Discovered by @nag0mez (special mention to @_Barriuso).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://integriaims.com/en/services/updates/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Integria IMS",
"vendor": "\u00c1rtica",
"versions": [
{
"status": "affected",
"version": "5.0.92"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"datePublic": "2021-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T13:33:19",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://integriaims.com/en/services/updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integria IMS Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3832",
"STATE": "PUBLIC",
"TITLE": "Integria IMS Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integria IMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
},
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3832",
"datePublished": "2021-10-07T13:33:19.417218Z",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-09-17T02:36:13.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}