Vulnerabilities related to cloverdx - cloverdx
cve-2021-29995
Vulnerability from cvelistv5
Published
2021-06-09 14:23
Modified
2024-08-03 22:24
Summary
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
References
URL | Tags
---|---
https://support.cloverdx.com/releases/ | x_refsource_MISC
https://support1.cloverdx.com/hc/en-us/articles/360021006520 | x_refsource_CONFIRM
http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:24:59.109Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-29T15:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-29995", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cloverdx.com/releases/", refsource: "MISC", url: "https://support.cloverdx.com/releases/", }, { name: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", refsource: "CONFIRM", url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, { name: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-29995", datePublished: "2021-06-09T14:23:17", dateReserved: "2021-04-02T00:00:00", dateUpdated: "2024-08-03T22:24:59.109Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-30133
Vulnerability from cvelistv5
Published
2021-06-09 14:33
Modified
2024-08-03 22:24
Summary
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.
References
URL | Tags
---|---
https://support.cloverdx.com/releases/ | x_refsource_MISC
https://support1.cloverdx.com/hc/en-us/articles/360021006520 | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:24:59.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-09T14:33:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-30133", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. 
This is resolved in 5.9.1 and 5.10.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cloverdx.com/releases/", refsource: "MISC", url: "https://support.cloverdx.com/releases/", }, { name: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", refsource: "CONFIRM", url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-30133", datePublished: "2021-06-09T14:33:39", dateReserved: "2021-04-05T00:00:00", dateUpdated: "2024-08-03T22:24:59.558Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42776
Vulnerability from cvelistv5
Published
2021-12-01 16:25
Modified
2024-08-04 03:38
Summary
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
References
URL | Tags
---|---
https://support.cloverdx.com/releases/ | x_refsource_MISC
https://support1.cloverdx.com/hc/en-us/articles/4411125429010 | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:38:50.149Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support1.cloverdx.com/hc/en-us/articles/4411125429010", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-01T16:25:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.cloverdx.com/releases/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support1.cloverdx.com/hc/en-us/articles/4411125429010", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-42776", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.cloverdx.com/releases/", refsource: "MISC", url: "https://support.cloverdx.com/releases/", }, { name: "https://support1.cloverdx.com/hc/en-us/articles/4411125429010", refsource: "CONFIRM", url: 
"https://support1.cloverdx.com/hc/en-us/articles/4411125429010", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-42776", datePublished: "2021-12-01T16:25:40", dateReserved: "2021-10-21T00:00:00", dateUpdated: "2024-08-04T03:38:50.149Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31056
Vulnerability from cvelistv5
Published
2023-04-24 00:00
Modified
2025-02-04 19:40
Summary
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:45:25.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31056", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:39:50.326908Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:40:12.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. 
The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-24T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31056", datePublished: "2023-04-24T00:00:00.000Z", dateReserved: "2023-04-24T00:00:00.000Z", dateUpdated: "2025-02-04T19:40:12.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-06-09 15:15
Modified
2024-11-21 06:02
Summary
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry
cve@mitre.org | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
cve@mitre.org | https://support1.cloverdx.com/hc/en-us/articles/360021006520 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support1.cloverdx.com/hc/en-us/articles/360021006520 | Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "09EF9AD2-07E2-4794-95B7-DD6741ED3A29", versionEndExcluding: "5.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "7CE80C77-407C-4B7C-9AD7-79FC8346E8A4", versionEndExcluding: "5.8.2", versionStartIncluding: "5.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "7F774EF6-503D-47C5-BDCE-016A10196A32", versionEndExcluding: "5.9.1", versionStartIncluding: "5.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.", }, { lang: "es", value: "Un problema de tipo Cross Site Request Forgery (CSRF) en Server Console en CloverDX versiones hasta 5.9.0, permite a atacantes remotos ejecutar cualquier acción como el usuario que inició sesión (incluida la ejecución del script). 
El problema es resuelto en CloverDX versión 5.10, CloverDX versión 5.9.1, CloverDX versión 5.8.2 y CloverDX versión 5.7.1", }, ], id: "CVE-2021-29995", lastModified: "2024-11-21T06:02:08.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-09T15:15:08.503", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", 
"Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-01 17:15
Modified
2024-11-21 06:28
Summary
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
cve@mitre.org | https://support1.cloverdx.com/hc/en-us/articles/4411125429010 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support1.cloverdx.com/hc/en-us/articles/4411125429010 | Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "5B96D42D-CEBC-4568-AB47-10E0B6F9CC07", versionEndExcluding: "5.11.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.12.0:*:*:*:*:*:*:*", matchCriteriaId: "4DA8E106-A534-46CB-AB8F-6A901F088094", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.12.1:*:*:*:*:*:*:*", matchCriteriaId: "AFA1D862-7012-42F2-8874-E774D41F0671", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import.", }, { lang: "es", value: "CloverDX Server versiones anteriores a 5.11.2 y 5.12.x versiones anteriores a 5.12.1, permite un ataque de tipo XXE durante la importación de la configuración", }, ], id: "CVE-2021-42776", lastModified: "2024-11-21T06:28:09.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-01T17:15:07.583", references: [ { source: 
"cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/4411125429010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/4411125429010", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-24 03:15
Modified
2025-02-04 20:15
Severity
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023 | Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023 | Mitigation, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "B07C9FA5-3488-4022-A89A-1A96809FCCD7", versionEndIncluding: "5.14.3", versionStartIncluding: "5.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "76148B6A-026F-419B-8175-1AF6D5E33589", versionEndIncluding: "5.15.3", versionStartIncluding: "5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "05AC6E67-91A2-413D-B850-1077D17E9EE4", versionEndExcluding: "5.17.3", versionStartIncluding: "5.17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.16.0:*:*:*:*:*:*:*", matchCriteriaId: "ECF870A6-8F71-4AE0-9C3B-5AB095618428", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.16.1:*:*:*:*:*:*:*", matchCriteriaId: "A0B816D3-F735-4A6C-A606-ECFC640FE1AB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. 
The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.", }, ], id: "CVE-2023-31056", lastModified: "2025-02-04T20:15:48.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-24T03:15:07.267", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-09 15:15
Modified
2024-11-21 06:03
Summary
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
cve@mitre.org | https://support1.cloverdx.com/hc/en-us/articles/360021006520 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.cloverdx.com/releases/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support1.cloverdx.com/hc/en-us/articles/360021006520 | Patch, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "23E4CF2F-FF43-409B-9C2A-A485899A4914", versionEndIncluding: "5.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:*:*:*:*:*:*:*:*", matchCriteriaId: "7F774EF6-503D-47C5-BDCE-016A10196A32", versionEndExcluding: "5.9.1", versionStartIncluding: "5.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.8.0:*:*:*:*:*:*:*", matchCriteriaId: "ED3261BC-5D26-4353-BE55-81BFCA47CC91", vulnerable: true, }, { criteria: "cpe:2.3:a:cloverdx:cloverdx:5.8.1:*:*:*:*:*:*:*", matchCriteriaId: "E79806F1-805B-42DC-BFAB-936420665734", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10.", }, { lang: "es", value: "Una vulnerabilidad de tipo cross-site scripting (XSS) en CloverDX Server versiones 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0 y versiones anteriores permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro sessionToken de múltiples métodos en la API HTTP simple. 
Esto es resuelto en versiones 5.9.1 y 5.10", }, ], id: "CVE-2021-30133", lastModified: "2024-11-21T06:03:22.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-09T15:15:08.540", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://support.cloverdx.com/releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support1.cloverdx.com/hc/en-us/articles/360021006520", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }