Search criteria
31 vulnerabilities found for ZONECENTRAL by PrimX
CERTFR-2024-AVI-0965
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits PrimX. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| PrimX | ZEDMAIL | ZEDMAIL toutes versions pour Windows | ||
| PrimX | ORIZON | ORIZON toutes versions pour Windows | ||
| PrimX | ZONECENTRAL | ZONECENTRAL toutes versions | ||
| PrimX | ZONEPOINT | ZONEPOINT toutes versions pour Windows | ||
| PrimX | ZED! | ZED! ENTREPRISE toutes versions pour Windows | ||
| PrimX | CRYHOD | CRYHOD toutes versions (hors versions qualifiées) pour Windows |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ZEDMAIL toutes versions pour Windows",
"product": {
"name": "ZEDMAIL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ORIZON toutes versions pour Windows",
"product": {
"name": "ORIZON",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ZONECENTRAL toutes versions",
"product": {
"name": "ZONECENTRAL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ZONEPOINT toutes versions pour Windows",
"product": {
"name": "ZONEPOINT",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ZED! ENTREPRISE toutes versions pour Windows",
"product": {
"name": "ZED!",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "CRYHOD toutes versions (hors versions qualifi\u00e9es) pour Windows",
"product": {
"name": "CRYHOD",
"vendor": {
"name": "PrimX",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46467"
},
{
"name": "CVE-2024-46465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46465"
},
{
"name": "CVE-2024-46462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46462"
},
{
"name": "CVE-2024-46463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46463"
},
{
"name": "CVE-2024-46464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46464"
},
{
"name": "CVE-2024-46466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46466"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0965",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits PrimX. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PrimX",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24932297",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24932297/"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24932296",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24932296/"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24932299",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24932299/"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24931935",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24931935/"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24931934",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24931934/"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 PrimX 24931936",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-24931936/"
}
]
}
CERTFR-2023-AVI-1021
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits PRIM'X. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
La très forte réactivité de l'éditeur a permis de corriger ces vulnérabilités et publier des correctifs dans un délai de 3 mois.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IMPORTANT : Déployer les nouvelles versions des logiciels n'est pas suffisant, il est également nécessaire de prendre les mesures suivantes :
- créer de nouveaux conteneurs Zed! et ne pas réutiliser les anciens ;
- appliquer une politique de mot de passe forte pour les mots de passe utilisateurs (si la liste d'accès est protégée par mot de passe) ;
- contrôler les droits d'accès aux fichiers de zone utilisés par ZoneCentral enfin d'en limiter les droits d'écriture aux seuls administrateurs ZoneCentral.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| PrimX | CRYHOD | CRYHOD versions antérieures à 2023.5 pour Windows | ||
| PrimX | ZEDMAIL | ZED! features dans ZEDMAIL versions antérieures à 2023.5 pour Windows | ||
| Apple | macOS | ZEDFREE versions antérieures à 2023.5 pour Windows, macOS et Linux | ||
| Apple | macOS | ZED! Enterprise versions antérieures à 2023.5 pour Windows, macOS et Linux | ||
| Apple | macOS | ZEDPRO versions antérieures à 2023.5 pour Windows, macOS et Linux | ||
| PrimX | ZONECENTRAL | ZED! features dans ZONECENTRAL versions antérieures à 2023.5 pour Windows (à l'exception de la vulnérabilité CVE-2023-50442 qui affecte toutes les versions) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CRYHOD versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
"product": {
"name": "CRYHOD",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ZED! features dans ZEDMAIL versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
"product": {
"name": "ZEDMAIL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "ZEDFREE versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "ZED! Enterprise versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "ZEDPRO versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "ZED! features dans ZONECENTRAL versions ant\u00e9rieures \u00e0 2023.5 pour Windows (\u00e0 l\u0027exception de la vuln\u00e9rabilit\u00e9 CVE-2023-50442 qui affecte toutes les versions)",
"product": {
"name": "ZONECENTRAL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n**\u003cspan style=\"color: #ff0000;\"\u003eIMPORTANT :\u003c/span\u003e** D\u00e9ployer les\nnouvelles versions des logiciels n\u0027est pas suffisant, il est \u00e9galement\nn\u00e9cessaire de prendre les mesures suivantes :\n\n- cr\u00e9er de nouveaux conteneurs Zed! et ne pas r\u00e9utiliser les anciens ;\n- appliquer une politique de mot de passe forte pour les mots de passe\n utilisateurs (si la liste d\u0027acc\u00e8s est prot\u00e9g\u00e9e par mot de passe) ;\n- contr\u00f4ler les droits d\u0027acc\u00e8s aux fichiers de zone utilis\u00e9s par\n ZoneCentral enfin d\u0027en limiter les droits d\u0027\u00e9criture aux seuls\n administrateurs ZoneCentral.\n\n\u00a0\n",
"cves": [
{
"name": "CVE-2023-50441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50441"
},
{
"name": "CVE-2023-50442",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50442"
},
{
"name": "CVE-2023-50444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50444"
},
{
"name": "CVE-2023-50439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50439"
},
{
"name": "CVE-2023-50440",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50440"
},
{
"name": "CVE-2023-50443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50443"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1021",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nPRIM\u0027X. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLa tr\u00e8s forte r\u00e9activit\u00e9 de l\u0027\u00e9diteur a permis de corriger ces\nvuln\u00e9rabilit\u00e9s et publier des correctifs dans un d\u00e9lai de 3 mois.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PRIM\u0027X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30874 du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30874/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30930 du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30930/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093a du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093a/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30933 du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30933/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093b du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093b/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30931 du 13 d\u00e9cembre 2023",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30931/"
}
]
}
CERTFR-2019-AVI-043
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Prim’X Zed!. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| PrimX | ZONECENTRAL | Fonctionnalités Zed! dans ZoneCentral pour Windows versions antérieures à 6.1.2240 | ||
| Microsoft | Windows | Zed Entreprise pour Windows versions antérieures à 6.1.2240 | ||
| Microsoft | Windows | Zed Pro pour Windows versions antérieures à 1.0.195 | ||
| N/A | N/A | Zed Pro pour Linux versions antérieures à 1.0.199 | ||
| PrimX | ZEDMAIL | Fonctionnalités Zed! dans ZedMail pour Windows versions antérieures à 6.1.2240 | ||
| N/A | N/A | Zed Entreprise pour Mac versions antérieures à 2.0.199 | ||
| Microsoft | Windows | Zed Free pour Windows versions antérieures à 1.0.195 | ||
| N/A | N/A | Zed Entreprise pour Linux versions antérieures à 2.0.199 | ||
| N/A | N/A | Zed Pro pour Mac versions antérieures à 1.0.199 | ||
| Microsoft | N/A | Zed Free pour Mac versions antérieures à 1.0.199 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fonctionnalit\u00e9s Zed! dans ZoneCentral pour Windows versions ant\u00e9rieures \u00e0 6.1.2240",
"product": {
"name": "ZONECENTRAL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "Zed Entreprise pour Windows versions ant\u00e9rieures \u00e0 6.1.2240",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Zed Pro pour Windows versions ant\u00e9rieures \u00e0 1.0.195",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Zed Pro pour Linux versions ant\u00e9rieures \u00e0 1.0.199",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Fonctionnalit\u00e9s Zed! dans ZedMail pour Windows versions ant\u00e9rieures \u00e0 6.1.2240",
"product": {
"name": "ZEDMAIL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
},
{
"description": "Zed Entreprise pour Mac versions ant\u00e9rieures \u00e0 2.0.199",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Zed Free pour Windows versions ant\u00e9rieures \u00e0 1.0.195",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Zed Entreprise pour Linux versions ant\u00e9rieures \u00e0 2.0.199",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Zed Pro pour Mac versions ant\u00e9rieures \u00e0 1.0.199",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Zed Free pour Mac versions ant\u00e9rieures \u00e0 1.0.199",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-7312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7312"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-043",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Prim\u2019X Zed!. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Prim\u2019X Zed!",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Prim\u2019X 19110545 du 31 janvier 2019",
"url": "https://www.primx.eu/fr/bulletins/security-bulletin-19110545/"
}
]
}
CERTFR-2018-AVI-555
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Prim'X ZoneCentral. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| PrimX | ZONECENTRAL | ZoneCentral pour Windows versions antérieures à 6.1.2236 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ZoneCentral pour Windows versions ant\u00e9rieures \u00e0 6.1.2236",
"product": {
"name": "ZONECENTRAL",
"vendor": {
"name": "PrimX",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19279"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-555",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Prim\u0027X ZoneCentral. Elle permet\n\u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Prim\u0027X ZoneCentral",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Prim\u0027X du 09 novembre 2018",
"url": "https://www.primx.eu/en/security-18a10338/"
}
]
}
FKIE_CVE-2023-50442
Vulnerability from fkie_nvd - Published: 2023-12-13 21:15 - Updated: 2024-11-21 08:37
Severity ?
Summary
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| primx | zonecentral | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "70D83FB5-F2D7-43E1-9EA9-6AC0B3023EEC",
"versionEndIncluding": "2023.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)"
},
{
"lang": "es",
"value": "Un atacante local (con los privilegios adecuados) puede modificar las carpetas cifradas creadas por PRIMX ZONECENTRAL hasta 2023.5 para que tipos de archivos espec\u00edficos queden excluidos del cifrado temporalmente. (Sin embargo, esta modificaci\u00f3n se puede detectar, como se describe en la Gu\u00eda del administrador)."
}
],
"id": "CVE-2023-50442",
"lastModified": "2024-11-21T08:37:00.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T21:15:09.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50439
Vulnerability from fkie_nvd - Published: 2023-12-13 21:15 - Updated: 2024-11-21 08:36
Severity ?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
},
{
"lang": "es",
"value": "Contenedores ZED producidos por PRIMX ZED! para Windows anterior a Q.2020.3 (env\u00edo de calificaci\u00f3n ANSSI), ZED! para Windows antes de Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI), ZONECENTRAL para Windows antes de Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI), ZONECENTRAL para Windows antes de 2023.5 o ZEDMAIL para Windows antes de 2023.5 divulgan la ruta original en la que se crearon los contenedores, lo que permite un atacante no autenticado para obtener informaci\u00f3n sobre el contexto de uso (nombre del proyecto, etc.)."
}
],
"id": "CVE-2023-50439",
"lastModified": "2024-11-21T08:36:59.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T21:15:09.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50440
Vulnerability from fkie_nvd - Published: 2023-12-13 21:15 - Updated: 2025-06-03 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:linux:*:*",
"matchCriteriaId": "CC444405-D58E-42B4-A1EF-1EF4F0CC6300",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:macos:*:*",
"matchCriteriaId": "34D7936A-123E-4582-9F90-2724A814CB0A",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:linux:*:*",
"matchCriteriaId": "B67C1CB4-F980-4856-82B2-95BECC07F380",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:macos:*:*",
"matchCriteriaId": "A895BAFB-8677-4ABB-9188-C84CAA9DC74B",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "006184BD-4D3B-4DB1-AE7C-E3B10E683BFB",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:linux:*:*",
"matchCriteriaId": "74F37A78-4F7C-4334-B9C1-8D8BA1570527",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "D1C7B28D-6E45-4B99-B764-2D622DDBE53A",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:windows:*:*",
"matchCriteriaId": "ACFFF19C-080B-485E-8E83-927125E5676E",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
},
{
"lang": "es",
"value": "Contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; ZED! para Windows, Mac, Linux antes de 2023.5; ZEDFREE para Windows, Mac, Linux antes de 2023.5; o ZEDPRO para Windows, Mac, Linux anterior a 2023.5 puede ser modificado por un atacante no autenticado para incluir una referencia UNC de modo que pueda activar el acceso a la red a una maquina controlada por el atacante cuando la v\u00edctima la abra."
}
],
"id": "CVE-2023-50440",
"lastModified": "2025-06-03T14:15:33.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-13T21:15:09.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-50444
Vulnerability from fkie_nvd - Published: 2023-12-13 20:15 - Updated: 2024-11-21 08:37
Severity ?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
},
{
"lang": "es",
"value": "De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta."
}
],
"id": "CVE-2023-50444",
"lastModified": "2024-11-21T08:37:00.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T20:15:49.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50441
Vulnerability from fkie_nvd - Published: 2023-12-13 20:15 - Updated: 2024-11-21 08:36
Severity ?
Summary
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| primx | zonecentral | * | |
| primx | zonecentral | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened."
},
{
"lang": "es",
"value": "Un atacante no autenticado puede modificar las carpetas cifradas creadas por PRIMX ZONECENTRAL para Windows antes de Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI) o ZONECENTRAL para Windows antes de 2023.5 para incluir una referencia UNC que pueda activar el tr\u00e1fico de red saliente desde las maquinas en las que se abren las carpetas."
}
],
"id": "CVE-2023-50441",
"lastModified": "2024-11-21T08:36:59.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T20:15:49.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-7312
Vulnerability from fkie_nvd - Published: 2019-02-03 08:29 - Updated: 2024-11-21 04:47
Severity ?
Summary
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.primx.eu/en/bulletins/security-bulletin-19110545 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.primx.eu/en/bulletins/security-bulletin-19110545 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "4DC7B453-8DA5-4764-A4FD-77FB06E98737",
"versionEndExcluding": "1.0.195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:windows:*:*",
"matchCriteriaId": "A5C990BE-473E-4471-BECE-210902EF8F04",
"versionEndExcluding": "1.0.195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:linux:*:*",
"matchCriteriaId": "60B2C638-AD0A-4C93-ACA3-1BDAC971F2E1",
"versionEndExcluding": "1.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:free:mac:*:*",
"matchCriteriaId": "93EA97A8-DD10-4F1C-9356-BDB503B6AE91",
"versionEndExcluding": "1.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:linux:*:*",
"matchCriteriaId": "E4086B4A-B6C4-4EE2-8A69-DFDBC9DA6D03",
"versionEndExcluding": "1.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:pro:mac:*:*",
"matchCriteriaId": "D45A9E55-703D-4A17-8EAE-B96B91DF2D1A",
"versionEndExcluding": "1.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:linux:*:*",
"matchCriteriaId": "DFD43D83-1DBF-4F41-90CA-585109597003",
"versionEndExcluding": "2.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:mac:*:*",
"matchCriteriaId": "F8EAE130-AE29-48FB-A156-C1E1D8C176C6",
"versionEndExcluding": "2.0.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed:*:*:*:*:entreprise:windows:*:*",
"matchCriteriaId": "64372E28-DDC9-4DFC-AF2F-B46CBF74E066",
"versionEndExcluding": "6.1.2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9AC207CC-0888-47ED-A8EE-260D1C71BF33",
"versionEndExcluding": "6.1.2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CCA5A62E-8D4C-4BD5-9AB0-9CAB5DABFE28",
"versionEndExcluding": "6.1.2240",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."
},
{
"lang": "es",
"value": "Existe la divulgaci\u00f3n de texto plano limitada en PRIMX Zed Entreprise para Windows, en versiones anteriores a la 6.1.2240, en Zed Entreprise para Windows [env\u00edo de calificaci\u00f3n ANSSI] en versiones anteriores a la 6.1.2150, en Zed Entreprise para Mac en versiones 2.0.199, en Zed Entreprise para Linux en versiones 2.0.199, en Zed Pro para Windows en versiones anteriores a la 1.0.195, en Zed Pro para Mac en versiones anteriores a la 1.0.199, en Zed Pro para Linux en versiones anteriores a la 1.0.199, en Zed Free para Windows en versiones anteriores a la 1.0.195, en Zed Free para Mac en versiones anteriores a la 1.0.199 y en Zed Free para Linux en versiones anteriores a la 1.0.199. El an\u00e1lisis de un contenedor Zed puede conducir a la divulgaci\u00f3n del contenido de texto plano de archivos muy peque\u00f1os (unos pocos bytes) almacenados en dicho contenedor."
}
],
"id": "CVE-2019-7312",
"lastModified": "2024-11-21T04:47:59.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-03T08:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-19279
Vulnerability from fkie_nvd - Published: 2018-11-14 20:29 - Updated: 2024-11-21 03:57
Severity ?
Summary
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.primx.eu/en/security-18a10338/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.primx.eu/en/security-18a10338/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| primx | zonecentral | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7E3109-4A5B-4352-B584-083EB55C1C29",
"versionEndExcluding": "6.1.2236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater."
},
{
"lang": "es",
"value": "PRIMX ZoneCentral en versiones anteriores a la 6.1.2236 en Windows a veces filtra el texto plano de los archivos NTFS. En dispositivos que no son SSD, esto se limita a un periodo de 5 segundos y a archivos de menos de 600 bytes. El efecto en dispositivos SSD podr\u00eda ser mayor."
}
],
"id": "CVE-2018-19279",
"lastModified": "2024-11-21T03:57:40.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-14T20:29:01.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/security-18a10338/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/security-18a10338/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-50439 (GCVE-0-2023-50439)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:17:26.437262",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50439",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50442 (GCVE-0-2023-50442)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:32:41.286847",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50442",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50440 (GCVE-0-2023-50440)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2025-06-03 13:43
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:27:33.353117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:43:44.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:28:25.568Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50440",
"datePublished": "2023-12-13T00:00:00.000Z",
"dateReserved": "2023-12-10T00:00:00.000Z",
"dateUpdated": "2025-06-03T13:43:44.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50444 (GCVE-0-2023-50444)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-11-26 15:22
VLAI?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-19T19:18:36.037192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:22:48.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:08:45.780353",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50444",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-11-26T15:22:48.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50441 (GCVE-0-2023-50441)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-10-08 14:31
VLAI?
Summary
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T20:25:26.821569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:31:51.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:44:29.151334",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50441",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-10-08T14:31:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7312 (GCVE-0-2019-7312)
Vulnerability from cvelistv5 – Published: 2019-02-03 08:00 – Updated: 2024-09-17 01:21
VLAI?
Summary
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-03T08:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.primx.eu/en/bulletins/security-bulletin-19110545",
"refsource": "MISC",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7312",
"datePublished": "2019-02-03T08:00:00Z",
"dateReserved": "2019-02-03T00:00:00Z",
"dateUpdated": "2024-09-17T01:21:55.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19279 (GCVE-0-2018-19279)
Vulnerability from cvelistv5 – Published: 2018-11-14 20:00 – Updated: 2024-09-17 01:10
VLAI?
Summary
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.primx.eu/en/security-18a10338/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.primx.eu/en/security-18a10338/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.primx.eu/en/security-18a10338/",
"refsource": "MISC",
"url": "https://www.primx.eu/en/security-18a10338/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19279",
"datePublished": "2018-11-14T20:00:00Z",
"dateReserved": "2018-11-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:10:50.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50439 (GCVE-0-2023-50439)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:17:26.437262",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50439",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50442 (GCVE-0-2023-50442)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:32:41.286847",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30933/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50442",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50440 (GCVE-0-2023-50440)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2025-06-03 13:43
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:27:33.353117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:43:44.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:28:25.568Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50440",
"datePublished": "2023-12-13T00:00:00.000Z",
"dateReserved": "2023-12-10T00:00:00.000Z",
"dateUpdated": "2025-06-03T13:43:44.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50444 (GCVE-0-2023-50444)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-11-26 15:22
VLAI?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-19T19:18:36.037192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:22:48.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:08:45.780353",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50444",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-11-26T15:22:48.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50441 (GCVE-0-2023-50441)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-10-08 14:31
VLAI?
Summary
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T20:25:26.821569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:31:51.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:44:29.151334",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B3093A/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50441",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-10-08T14:31:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7312 (GCVE-0-2019-7312)
Vulnerability from nvd – Published: 2019-02-03 08:00 – Updated: 2024-09-17 01:21
VLAI?
Summary
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-03T08:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.primx.eu/en/bulletins/security-bulletin-19110545",
"refsource": "MISC",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-19110545"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7312",
"datePublished": "2019-02-03T08:00:00Z",
"dateReserved": "2019-02-03T00:00:00Z",
"dateUpdated": "2024-09-17T01:21:55.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19279 (GCVE-0-2018-19279)
Vulnerability from nvd – Published: 2018-11-14 20:00 – Updated: 2024-09-17 01:10
VLAI?
Summary
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.primx.eu/en/security-18a10338/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.primx.eu/en/security-18a10338/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.primx.eu/en/security-18a10338/",
"refsource": "MISC",
"url": "https://www.primx.eu/en/security-18a10338/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19279",
"datePublished": "2018-11-14T20:00:00Z",
"dateReserved": "2018-11-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:10:50.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}