All the vulnerabilities related to open source - OpenClinic GA
cve-2020-14490
Vulnerability from cvelistv5
Published
2020-07-29 12:25
Modified
2024-09-16 17:03
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T12:25:53", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not 
provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14490", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14490", "datePublished": "2020-07-29T12:25:53.168931Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-16T17:03:10.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14489
Vulnerability from cvelistv5
Published
2020-07-29 12:24
Modified
2024-09-17 01:46
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T12:24:11", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. 
Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14489", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14489", "datePublished": "2020-07-29T12:24:11.103756Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-17T01:46:22.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14492
Vulnerability from cvelistv5
Published
2020-07-29 12:29
Modified
2024-09-16 22:45
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user\u2019s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T12:29:11", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their 
resolution. Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14492", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user\u2019s browser." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14492", "datePublished": "2020-07-29T12:29:11.124116Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-16T22:45:24.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14487
Vulnerability from cvelistv5
Published
2020-07-29 13:22
Modified
2024-09-16 19:21
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-912", "description": "HIDDEN FUNCTIONALITY CWE-912", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T13:22:25", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "solutions": [ { "lang": "en", "value": "Update to version 5.89.05b or newer." 
} ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14487", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HIDDEN FUNCTIONALITY CWE-912" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "solution": [ { "lang": "en", "value": "Update to version 5.89.05b or newer." } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14487", "datePublished": "2020-07-29T13:22:25.067610Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-16T19:21:13.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14486
Vulnerability from cvelistv5
Published
2020-07-29 13:21
Modified
2024-09-16 20:58
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "IMPROPER AUTHORIZATION CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T13:21:03", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. 
Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14486", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER AUTHORIZATION CWE-285" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14486", "datePublished": "2020-07-29T13:21:03.686519Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-16T20:58:04.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14488
Vulnerability from cvelistv5
Published
2020-07-29 13:15
Modified
2024-09-17 02:06
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T13:15:21", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. 
Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14488", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14488", "datePublished": "2020-07-29T13:15:21.912690Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-17T02:06:04.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14493
Vulnerability from cvelistv5
Published
2020-07-29 12:27
Modified
2024-09-17 03:13
Summary
OpenClinic GA
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| open source | OpenClinic GA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:46:34.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenClinic GA", "vendor": "open source", "versions": [ { "status": "affected", "version": "5.09.02" }, { "status": "affected", "version": "5.89.05b" } ] } ], "credits": [ { "lang": "en", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "datePublic": "2020-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T12:27:28", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ], "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "title": "OpenClinic GA", "workarounds": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. 
Please upgrade to the latest version to ensure you have all current fixes." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2020-07-02T00:00:00.000Z", "ID": "CVE-2020-14493", "STATE": "PUBLIC", "TITLE": "OpenClinic GA" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenClinic GA", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.09.02" }, { "version_affected": "=", "version_value": "5.89.05b" } ] } } ] }, "vendor_name": "open source" } ] } }, "credit": [ { "lang": "eng", "value": "Brian D. Hysell reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01" } ] }, "source": { "advisory": "ICSMA-20-184-01 OpenClinic GA", "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14493", "datePublished": "2020-07-29T12:27:28.691565Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-17T03:13:05.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }