All the vulnerabilites related to Pandora FMS - Pandora FMS
cve-2023-41808
Vulnerability from cvelistv5
Published
2023-11-23 14:51
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Arbitrary File Read As Root Via GoTTY Page
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:51:17.223Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary File Read As Root Via GoTTY Page",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41808",
"datePublished": "2023-11-23T14:51:17.223Z",
"dateReserved": "2023-09-01T12:10:03.868Z",
"dateUpdated": "2024-08-02T19:09:49.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44088
Vulnerability from cvelistv5
Published
2023-12-29 11:48
Modified
2024-08-02 19:52
Severity ?
EPSS score ?
Summary
SQL Injection in Visual Console
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "774",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef \u003csu.osamayousef@gmail.com\u003e"
}
],
"datePublic": "2023-12-29T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u0026nbsp;Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through 774.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:48:12.417Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v775."
}
],
"value": "Fixed in v775."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection in Visual Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44088",
"datePublished": "2023-12-29T11:48:12.417Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:52:11.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44092
Vulnerability from cvelistv5
Published
2024-03-19 16:32
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
OS Command Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T14:31:18.246071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:44:44.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:50.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u0026nbsp;This vulnerability allowed to create a reverse shell and execute commands in the OS.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:32:54.633Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v776."
}
],
"value": "Fixed in v776."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44092",
"datePublished": "2024-03-19T16:32:54.633Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:59:50.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41807
Vulnerability from cvelistv5
Published
2023-11-23 14:49
Modified
2024-10-15 18:30
Severity ?
EPSS score ?
Summary
Linux Local Privilege Escalation Via GoTTY Page
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:16.296168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:30:51.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:49:41.335Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Linux Local Privilege Escalation Via GoTTY Page",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41807",
"datePublished": "2023-11-23T14:49:41.335Z",
"dateReserved": "2023-09-01T12:10:03.868Z",
"dateUpdated": "2024-10-15T18:30:51.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44090
Vulnerability from cvelistv5
Published
2024-03-19 16:26
Modified
2024-08-02 19:52
Severity ?
EPSS score ?
Summary
UnautH SQL Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T17:26:33.494752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:17.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:12.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "dabdurakhmanova@ptsecurity.com"
}
],
"datePublic": "2024-03-19T17:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. \u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through \u003c776.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:26:12.225Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v776."
}
],
"value": "Fixed in v776."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UnautH SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44090",
"datePublished": "2024-03-19T16:26:12.225Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:52:12.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41815
Vulnerability from cvelistv5
Published
2023-12-29 11:46
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
XSS in File manager
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "774",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef \u003csu.osamayousef@gmail.com\u003e"
}
],
"datePublic": "2023-12-29T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u0026nbsp;Malicious code could be executed in the File Manager section.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through 774.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Malicious code could be executed in the File Manager section.\u00a0This issue affects Pandora FMS: from 700 through 774."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:46:46.235Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v775.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v775.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS in File manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41815",
"datePublished": "2023-12-29T11:46:46.235Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:48.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9987
Vulnerability from cvelistv5
Published
2024-10-22 09:00
Modified
2024-10-22 13:13
Severity ?
EPSS score ?
Summary
SQL Injection in CSV Module Data Collection
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777.3",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:12:04.875403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:13:31.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777.3",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "i@qvq.im"
}
],
"datePublic": "2024-10-22T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication SQL Injection vulnerability within the \u003ccode\u003efilters\u003c/code\u003e parameter of the \u003ccode\u003eextensions/agents_modules_csv\u003c/code\u003e functionality.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777.3."
}
],
"value": "A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality.\u00a0This issue affects Pandora FMS: from 700 through \u003c777.3."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T09:00:57.871Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update version 777.3"
}
],
"value": "Update version 777.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL Injection in CSV Module Data Collection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-9987",
"datePublished": "2024-10-22T09:00:57.871Z",
"dateReserved": "2024-10-15T10:20:25.623Z",
"dateUpdated": "2024-10-22T13:13:31.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41792
Vulnerability from cvelistv5
Published
2023-11-23 14:45
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Lack of Authorization and Stored XSS Via SNMP Trap Editor Page
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:45:33.842Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of Authorization and Stored XSS Via SNMP Trap Editor Page",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41792",
"datePublished": "2023-11-23T14:45:33.842Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:09:48.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41813
Vulnerability from cvelistv5
Published
2023-12-29 11:42
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
User notification settings edition
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "774",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-12-29T11:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u0026nbsp;Allows you to edit the Web Console user notification options.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through 774.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Allows you to edit the Web Console user notification options.\u00a0This issue affects Pandora FMS: from 700 through 774."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:42:59.506Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v775."
}
],
"value": "Fixed in v775."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User notification settings edition",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41813",
"datePublished": "2023-12-29T11:42:59.506Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:49.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35308
Vulnerability from cvelistv5
Published
2024-10-22 09:03
Modified
2024-10-22 13:11
Severity ?
EPSS score ?
Summary
Post-auth Arbitrary File Read in the Server Plugins Section
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:29.978099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:11:36.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777.3",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "i@qvq.im"
}
],
"datePublic": "2024-10-22T08:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777.3."
}
],
"value": "A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature.\u00a0This issue affects Pandora FMS: from 700 through \u003c777.3."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T09:03:15.776Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v777.3"
}
],
"value": "Update to v777.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Post-auth Arbitrary File Read in the Server Plugins Section",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35308",
"datePublished": "2024-10-22T09:03:15.776Z",
"dateReserved": "2024-05-16T17:38:35.344Z",
"dateUpdated": "2024-10-22T13:11:36.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41787
Vulnerability from cvelistv5
Published
2023-11-23 14:31
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Arbitrary File Read
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "772",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:31:41.618Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v773 and v772.1."
}
],
"value": "Fixed in v773 and v772.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41787",
"datePublished": "2023-11-23T14:31:41.618Z",
"dateReserved": "2023-09-01T11:54:47.538Z",
"dateUpdated": "2024-08-02T19:09:48.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41812
Vulnerability from cvelistv5
Published
2023-11-23 14:58
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Uploading executables via the file manager
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef \u003csu.osamayousef@gmail.com\u003e"
}
],
"datePublic": "2023-11-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:58:44.103Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uploading executables via the file manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41812",
"datePublished": "2023-11-23T14:58:44.103Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:49.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4677
Vulnerability from cvelistv5
Published
2023-11-23 14:22
Modified
2024-08-02 07:31
Severity ?
EPSS score ?
Summary
Unauthenticated Admin Account Takeover Via Cron Log File Backups
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "772",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS \u0026lt;= 772."
}
],
"value": "Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS \u003c= 772."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:22:01.559Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v773 and v772.1"
}
],
"value": "Fixed in v773 and v772.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Admin Account Takeover Via Cron Log File Backups",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-4677",
"datePublished": "2023-11-23T14:22:01.559Z",
"dateReserved": "2023-08-31T15:38:14.018Z",
"dateUpdated": "2024-08-02T07:31:06.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44091
Vulnerability from cvelistv5
Published
2024-03-19 16:31
Modified
2024-08-02 19:52
Severity ?
EPSS score ?
Summary
Unauth Time-Based SQL Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T19:13:28.748415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:21.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u0026nbsp;This ulnerability allowed SQL injections to be made even if authentication failed.\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u00a0This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:31:38.932Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauth Time-Based SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44091",
"datePublished": "2024-03-19T16:31:38.932Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:52:11.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41814
Vulnerability from cvelistv5
Published
2023-12-29 11:45
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
XSS Vulnerability Messages
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "774",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gabriel Weitzel \u003cgabrielzw0@gmail.com\u003e"
}
],
"datePublic": "2023-12-29T11:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through 774.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u00a0This issue affects Pandora FMS: from 700 through 774."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:45:23.493Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v775.\u003cbr\u003e"
}
],
"value": "\nFixed in v775.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS Vulnerability Messages",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41814",
"datePublished": "2023-12-29T11:45:23.493Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:49.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41811
Vulnerability from cvelistv5
Published
2023-11-23 14:54
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Stored XSS Via Site News Page
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:54:41.510Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS Via Site News Page",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41811",
"datePublished": "2023-11-23T14:54:41.510Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:48.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11320
Vulnerability from cvelistv5
Published
2024-11-21 10:03
Modified
2024-11-21 14:39
Severity ?
EPSS score ?
Summary
Command Injection leading to RCE via LDAP Misconfiguration
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T14:38:57.268103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T14:39:13.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "777.4",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammad Askar \u003cm.askar@isecur1ty.org\u003e"
}
],
"datePublic": "2024-11-21T09:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through \u0026lt;=777.4\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through \u003c=777.4"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T10:03:08.739Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed un v777.5"
}
],
"value": "Fixed un v777.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection leading to RCE via LDAP Misconfiguration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-11320",
"datePublished": "2024-11-21T10:03:08.739Z",
"dateReserved": "2024-11-18T11:27:37.531Z",
"dateUpdated": "2024-11-21T14:39:13.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44089
Vulnerability from cvelistv5
Published
2023-12-29 11:50
Modified
2024-09-17 13:01
Severity ?
EPSS score ?
Summary
XSS in Visual Console
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T15:16:49.799069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:01:07.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "774",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef \u003csu.osamayousef@gmail.com\u003e"
}
],
"datePublic": "2023-12-29T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u0026nbsp;It was possible to execute malicious JS code on Visual Consoles.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through 774.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0It was possible to execute malicious JS code on Visual Consoles.\u00a0This issue affects Pandora FMS: from 700 through 774."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T11:50:00.511Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v775."
}
],
"value": "Fixed in v775."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS in Visual Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44089",
"datePublished": "2023-12-29T11:50:00.511Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-09-17T13:01:07.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35304
Vulnerability from cvelistv5
Published
2024-06-10 14:21
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
System command injection through Netflow function
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T15:44:44.106381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T15:47:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"datePublic": "2024-06-10T14:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "System command injection through Netflow function\u0026nbsp;due to improper input validation, allowing attackers to execute arbitrary system commands.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "System command injection through Netflow function\u00a0due to improper input validation, allowing attackers to execute arbitrary system commands.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:21:10.487Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "System command injection through Netflow function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35304",
"datePublished": "2024-06-10T14:21:10.487Z",
"dateReserved": "2024-05-16T17:38:35.341Z",
"dateUpdated": "2024-08-02T03:07:46.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41786
Vulnerability from cvelistv5
Published
2023-11-23 14:27
Modified
2024-10-15 18:31
Severity ?
EPSS score ?
Summary
Database backups availability by low-privileged users
References
| ▼ | URL | Tags |
|---|---|---|
| https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:17.804012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:31:01.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "772",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772."
}
],
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:27:33.933Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v773 and 772.1."
}
],
"value": "Fixed in v773 and 772.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Database backups availability by low-privileged users",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41786",
"datePublished": "2023-11-23T14:27:33.933Z",
"dateReserved": "2023-09-01T11:54:47.538Z",
"dateUpdated": "2024-10-15T18:31:01.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35306
Vulnerability from cvelistv5
Published
2024-06-10 14:30
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
OS Command injection in Ajax PHP files through HTTP Request
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandora_fms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pandora_fms",
"vendor": "pandora_fms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T17:34:28.554257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:42:02.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/R:U/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:30:36.784Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command injection in Ajax PHP files through HTTP Request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35306",
"datePublished": "2024-06-10T14:30:36.784Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41791
Vulnerability from cvelistv5
Published
2023-11-23 14:41
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Lack of Authorization and Stored XSS Via Translation Abuse
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:41:46.802Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 in v772.2."
}
],
"value": "Fixed in v774 in v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of Authorization and Stored XSS Via Translation Abuse",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41791",
"datePublished": "2023-11-23T14:41:46.802Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:09:48.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35307
Vulnerability from cvelistv5
Published
2024-06-10 14:33
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:35:21.466902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:39:11.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u0026nbsp;allowing unauthenticated attackers to execute arbitrary code on the server.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u00a0allowing unauthenticated attackers to execute arbitrary code on the server.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:33:29.127Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35307",
"datePublished": "2024-06-10T14:33:29.127Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41790
Vulnerability from cvelistv5
Published
2023-11-23 14:38
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Traversal Path on PHP file
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:38:45.504Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v774 in v772.2.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v774 in v772.2.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Traversal Path on PHP file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41790",
"datePublished": "2023-11-23T14:38:45.504Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:09:48.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41788
Vulnerability from cvelistv5
Published
2023-11-23 14:33
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Remote Code Execution via File Uploader
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:33:44.933Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution via File Uploader",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41788",
"datePublished": "2023-11-23T14:33:44.933Z",
"dateReserved": "2023-09-01T11:54:47.538Z",
"dateUpdated": "2024-08-02T19:09:48.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41789
Vulnerability from cvelistv5
Published
2023-11-23 14:36
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Unauthenticated Admin Account Takeover Via XSS
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:36:55.047Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v774 and v772.2.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v774 and v772.2.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Admin Account Takeover Via XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41789",
"datePublished": "2023-11-23T14:36:55.047Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:09:48.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41810
Vulnerability from cvelistv5
Published
2023-11-23 14:52
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Stored XSS Via Dashboard Panel
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets\u0027 text box. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets\u0027 text box. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:52:59.306Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS Via Dashboard Panel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41810",
"datePublished": "2023-11-23T14:52:59.306Z",
"dateReserved": "2023-09-01T12:10:03.869Z",
"dateUpdated": "2024-08-02T19:09:48.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41793
Vulnerability from cvelistv5
Published
2024-03-19 16:34
Modified
2024-08-02 19:22
Severity ?
EPSS score ?
Summary
Path Traversal and Untrusted Upload File
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThanOrEqual": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:21:08.499209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:22:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u0026nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:34:48.358Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal and Untrusted Upload File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41793",
"datePublished": "2024-03-19T16:34:48.358Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:22:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-41806
Vulnerability from cvelistv5
Published
2023-11-23 14:47
Modified
2024-08-02 19:09
Severity ?
EPSS score ?
Summary
Misassignment of privileges can cause DOS attack
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:48.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "773",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Oliver Brooks \u003collie.brooks@nccgroup.com\u003e"
}
],
"datePublic": "2023-11-23T14:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773."
}
],
"value": "Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T14:47:54.186Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v774 and v772.2."
}
],
"value": "Fixed in v774 and v772.2."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Misassignment of privileges can cause DOS attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41806",
"datePublished": "2023-11-23T14:47:54.186Z",
"dateReserved": "2023-09-01T12:10:03.868Z",
"dateUpdated": "2024-08-02T19:09:48.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35305
Vulnerability from cvelistv5
Published
2024-06-10 14:28
Modified
2024-08-02 03:07
Severity ?
EPSS score ?
Summary
Unauth Time-Based SQL Injection via API
References
| ▼ | URL | Tags |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Pandora FMS | Pandora FMS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:59.082085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:29:45.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:28:18.393Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v777"
}
],
"value": "Fixed in v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauth Time-Based SQL Injection via API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35305",
"datePublished": "2024-06-10T14:28:18.393Z",
"dateReserved": "2024-05-16T17:38:35.342Z",
"dateUpdated": "2024-08-02T03:07:46.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}