All the vulnerabilites related to f-secure - elements_endpoint_protection
cve-2022-28877
Vulnerability from cvelistv5
Published
2022-07-21 15:32
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection Products for Windows |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-21T15:32:45",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28877",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28877",
"datePublished": "2022-07-21T15:32:45",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-38166
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 10:45
Severity ?
EPSS score ?
Summary
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-27T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38166"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38166",
"datePublished": "2022-11-25T00:00:00",
"dateReserved": "2022-08-11T00:00:00",
"dateUpdated": "2024-08-03T10:45:52.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43760
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-08-02 19:52
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:13.995951",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43760",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49321
Vulnerability from cvelistv5
Published
2023-11-26 00:00
Modified
2024-08-02 21:53
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:43:53.336684",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49321",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28880
Vulnerability from cvelistv5
Published
2022-08-05 16:46
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.withsecure.com/en/expertise/people | x_refsource_MISC | |
| https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:46:48",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28880",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/expertise/people",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"name": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28880",
"datePublished": "2022-08-05T16:46:48",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49322
Vulnerability from cvelistv5
Published
2023-11-26 00:00
Modified
2024-08-02 21:53
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:39:36.452985",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49322",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28878
Vulnerability from cvelistv5
Published
2022-07-22 15:29
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:29:00",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28878",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28878",
"datePublished": "2022-07-22T15:29:00",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28874
Vulnerability from cvelistv5
Published
2022-05-23 10:28
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/home/support/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security 64. F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Denial-of-Service (DoS) Vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-23T17:30:06",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Denial-of-Service (DoS) Vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28874",
"STATE": "PUBLIC",
"TITLE": "Multiple Denial-of-Service (DoS) Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security 64. F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Denial-of-Service (DoS) Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/home/support/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28874",
"datePublished": "2022-05-23T10:28:30",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44747
Vulnerability from cvelistv5
Published
2022-03-01 11:55
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper \u0026 F-Secure Security Cloud",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T15:47:23",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX: No user action is required. The required fix has been published through automatic update channel with Pisces release 2022-02-23_01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-44747",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper \u0026 F-Secure Security Cloud",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX: No user action is required. The required fix has been published through automatic update channel with Pisces release 2022-02-23_01"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-44747",
"datePublished": "2022-03-01T11:55:26",
"dateReserved": "2021-12-08T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28875
Vulnerability from cvelistv5
Published
2022-05-25 15:09
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T15:09:30",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28875",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28875",
"datePublished": "2022-05-25T15:09:30",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43761
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-09-24 19:39
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:33:48.651605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:39:07.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:02.196969",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43761",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-24T19:39:07.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40837
Vulnerability from cvelistv5
Published
2022-02-09 12:10
Modified
2024-08-04 02:51
Severity ?
EPSS score ?
Summary
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper \u0026 F-Secure Security Cloud",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T12:10:46",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX: No User action is required. The required fix has been published through automatic update channel with Capricorn update 2022-02-01_01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-40837",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper \u0026 F-Secure Security Cloud",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX: No User action is required. The required fix has been published through automatic update channel with Capricorn update 2022-02-01_01"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-40837",
"datePublished": "2022-02-09T12:10:46",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40836
Vulnerability from cvelistv5
Published
2021-12-22 11:14
Modified
2024-08-04 02:51
Severity ?
EPSS score ?
Summary
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Internet Gatekeeper |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant \u0026 F-Secure Internet Gatekeeper",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T18:07:19",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-40836",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant \u0026 F-Secure Internet Gatekeeper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-40836",
"datePublished": "2021-12-22T11:14:42",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28886
Vulnerability from cvelistv5
Published
2022-09-23 18:24
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T18:24:04",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28886",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28886",
"datePublished": "2022-09-23T18:24:04",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:10:56.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28887
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Denial-of-Service (DoS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-26_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28887",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:10:56.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40833
Vulnerability from cvelistv5
Published
2021-11-26 16:39
Modified
2024-08-04 02:51
Severity ?
EPSS score ?
Summary
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Internet Gatekeeper & F-Secure Atlant |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Internet Gatekeeper \u0026 F-Secure Atlant",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-26T16:39:54",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-11-22_03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-40833",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Internet Gatekeeper \u0026 F-Secure Atlant",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-11-22_03"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-40833",
"datePublished": "2021-11-26T16:39:54",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33599
Vulnerability from cvelistv5
Published
2021-09-07 12:12
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T12:12:28",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-25_04"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-33599",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-25_04"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-33599",
"datePublished": "2021-09-07T12:12:28",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28876
Vulnerability from cvelistv5
Published
2022-07-14 14:45
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:45:07",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28876",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28876",
"datePublished": "2022-07-14T14:45:07",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43767
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-09-25 13:16
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:15:09.025818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:16:39.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:01.497108",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43767",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:16:39.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43766
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-09-25 13:17
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:17:40.400087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:17:56.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:16.805399",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43766",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:17:56.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33598
Vulnerability from cvelistv5
Published
2021-08-23 11:02
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | x_refsource_MISC | |
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Windows, Mac and Linux Security |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows, Mac and Linux Security",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:02:50",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX: No user action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-10_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-33598",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows, Mac and Linux Security",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX: No user action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-10_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-33598",
"datePublished": "2021-08-23T11:02:50",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28882
Vulnerability from cvelistv5
Published
2022-08-23 15:54
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:02",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28882",
"datePublished": "2022-08-23T15:54:02",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33597
Vulnerability from cvelistv5
Published
2021-08-05 19:38
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | x_refsource_MISC | |
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | F-Secure endpoint protection products on Windows, Mac and Linux Security |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows, Mac and Linux Security",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:38:03",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "The required fix has been published through an automatic update channel with Database \"Capricorn update 2021-07-26_07\"."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-33597",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows, Mac and Linux Security",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "The required fix has been published through an automatic update channel with Database \"Capricorn update 2021-07-26_07\"."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-33597",
"datePublished": "2021-08-05T19:38:03",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43765
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-09-25 16:24
Severity ?
EPSS score ?
Summary
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_protection",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_security_64",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atlant",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "1.0.35-1"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "client_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elements_endpoint_protection",
"vendor": "f-secure",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "email_and_server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:02:43.697885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:55.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:35.966471",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43765",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T16:24:55.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33603
Vulnerability from cvelistv5
Published
2021-10-08 09:45
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T09:45:10",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-33603",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03\n"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-33603",
"datePublished": "2021-10-08T09:45:10",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28879
Vulnerability from cvelistv5
Published
2022-07-22 15:27
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure | All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:27:34",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28879",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28879",
"datePublished": "2022-07-22T15:27:34",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28883
Vulnerability from cvelistv5
Published
2022-08-23 15:54
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:14",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28883",
"datePublished": "2022-08-23T15:54:14",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40832
Vulnerability from cvelistv5
Published
2021-10-08 09:45
Modified
2024-08-04 02:51
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T09:45:34",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-40832",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-40832",
"datePublished": "2021-10-08T09:45:34",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28881
Vulnerability from cvelistv5
Published
2022-08-10 16:03
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.f-secure.com/en/business/support-and-downloads/security-advisories | x_refsource_MISC | |
| https://www.withsecure.com/en/support/security-advisories | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection |
Version: All Version |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T16:03:24",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28881",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28881",
"datePublished": "2022-08-10T16:03:24",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-10-08 10:15
Modified
2024-11-21 06:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_for_microsoft_365 | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | elements_endpoint_detection_and_response | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_for_microsoft_365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5FAF08-98B4-46C1-890A-958860119ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant, por la que el componente del m\u00f3dulo de desempaquetado AVRDL usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) del motor Antivirus"
}
],
"id": "CVE-2021-40832",
"lastModified": "2024-11-21T06:24:52.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T10:15:07.890",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service."
},
{
"lang": "es",
"value": "En F-Secure Endpoint Protection para Windows y macOS antes del canal con la base de datos Capricornio 2022-11-22_07, el controlador de desempaquetado aerdl.dll falla. Esto puede provocar una falla del motor de escaneo, que un atacante puede activar de forma remota por denegaci\u00f3n de servicio."
}
],
"id": "CVE-2022-38166",
"lastModified": "2024-11-21T07:15:55.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-25T15:15:10.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-25 16:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_collaboration_protection | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | elements_endpoint_detection_and_response | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aemobile puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser activado remotamente por un atacante"
}
],
"id": "CVE-2022-28875",
"lastModified": "2024-11-21T06:58:06.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T16:15:08.297",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-10 20:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_detection_and_response | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant por la que el componente aerdl.dll usado en determinados productos WithSecure es bloqueado, lo que conlleva a un bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante"
}
],
"id": "CVE-2022-28881",
"lastModified": "2024-11-21T06:58:07.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:32.953",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 18:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_detection_and_response | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad m\u00faltiple de Denegaci\u00f3n de Servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n del administrador de desempaquetado aerdl.dll es bloqueada. Esto puede conllevar a un posible fallo del motor de escaneo"
}
],
"id": "CVE-2022-28887",
"lastModified": "2024-11-21T06:58:08.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T18:15:09.417",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-22 16:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_collaboration_protection | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en F-Secure Atlant y en determinados productos WithSecure al escanear el archivo APK fuzzed es posible que pueda bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28878",
"lastModified": "2024-11-21T06:58:07.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-22T16:15:08.193",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBE4C11-5678-420C-ACC1-B92B095C6D1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aeheur.dll puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser desencadenado remotamente por un atacante"
}
],
"id": "CVE-2022-28876",
"lastModified": "2024-11-21T06:58:06.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.040",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-05 17:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/expertise/people | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/expertise/people | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_detection_and_response | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en F-Secure Atlant y en algunos productos WithSecure durante el escaneo de archivos fuzzed PE32-bit que puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante"
}
],
"id": "CVE-2022-28880",
"lastModified": "2024-11-21T06:58:07.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T17:15:08.447",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/expertise/people"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que el archivo aegen.dll entra en un bucle infinito cuando desempaqueta archivos PE. Esto conlleva finalmente a un bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante."
}
],
"id": "CVE-2022-28882",
"lastModified": "2024-11-21T06:58:07.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.237",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 05:15
Modified
2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s del controlador de descompresi\u00f3n del archivo aepack. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43767",
"lastModified": "2024-11-21T08:24:44.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-23 11:16
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/home/support/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/home/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | linux_security | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| withsecure | cloud_protection_for_salesforce | * | |
| withsecure | elements_collaboration_protection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBE4C11-5678-420C-ACC1-B92B095C6D1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:withsecure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF1A3D4-671B-4260-A037-1792B4BED229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:withsecure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64BDA5A1-28E5-4706-93E0-6651A2E1FFB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se han detectado m\u00faltiples vulnerabilidades de Denegaci\u00f3n de Servicio en F-Secure Atlant y en determinados productos WithSecure mientras son escaneados archivos PE32-bit fuzzed que causan corrupci\u00f3n de memoria y desbordamiento de b\u00fafer de la pila, lo que eventualmente puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante"
}
],
"id": "CVE-2022-28874",
"lastModified": "2024-11-21T06:58:06.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-23T11:16:10.827",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 05:15
Modified
2024-11-21 08:24
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio en el componente aeelf. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43765",
"lastModified": "2024-11-21T08:24:44.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-22T05:15:09.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 05:15
Modified
2024-11-21 08:24
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio (bucle infinito). Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43761",
"lastModified": "2024-11-21T08:24:43.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-22T05:15:09.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-21 16:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite al usuario local eliminar un archivo arbitrario en el sistema y omitir la protecci\u00f3n de seguridad que puede ser abusada para la escalada de privilegios locales en los productos de endpoint de F-Secure y WithSecure windows afectados. Un atacante debe tener derechos de ejecuci\u00f3n de c\u00f3digo en la m\u00e1quina v\u00edctima antes de la explotaci\u00f3n exitosa"
}
],
"id": "CVE-2022-28877",
"lastModified": "2024-11-21T06:58:07.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-21T16:15:09.030",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 13:15
Modified
2024-11-21 06:09
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | linux_security | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad que afecta al motor de F-Secure Antivirus por la que el escaneo de un archivo WIM puede conllevar a una denegaci\u00f3n de servicio (bucle infinito y congelaci\u00f3n del esc\u00e1ner del motor AV). La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus"
}
],
"id": "CVE-2021-33599",
"lastModified": "2024-11-21T06:09:10.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T13:15:07.403",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-09 13:15
Modified
2024-11-21 06:24
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | security_cloud | * | |
| f-secure | elements_endpoint_detection_and_response | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C810E84-5BA2-4C76-A0B1-787DA8FD6F43",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55CED2BE-3907-486B-B929-3F23BF59C32D",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0463D0C-3B1C-457A-BA24-6BB15814886B",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "418AEC01-756D-404E-A2C6-A68C174B4430",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBEB008-A43D-4A57-8EC6-6486ADE46ED7",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52DF86B1-BA20-41C6-A283-79915A102A53",
"versionEndExcluding": "2022-02-01_01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualizaci\u00f3n 2022-02-01_01 de Capricorn, por la que una descompresi\u00f3n del archivo ACE causa la detenci\u00f3n del servicio de esc\u00e1ner. La vulnerabilidad puede ser explotada de forma remota por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus"
}
],
"id": "CVE-2021-40837",
"lastModified": "2024-11-21T06:24:53.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T13:15:08.527",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 05:15
Modified
2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la escalada de privilegios Locales a trav\u00e9s del controlador de descompresi\u00f3n de archivos lhz. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43766",
"lastModified": "2024-11-21T08:24:44.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-27 00:15
Modified
2024-11-21 08:33
Severity ?
Summary
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque hay una falla en el controlador de descompresi\u00f3n que puede provocar una falla en el motor de escaneo. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"id": "CVE-2023-49322",
"lastModified": "2024-11-21T08:33:14.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T00:15:07.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-27 00:15
Modified
2024-11-21 08:33
Severity ?
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque el escaneo de un archivo manipulado lleva mucho tiempo y hace que el esc\u00e1ner se cuelgue. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection for Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"id": "CVE-2023-49321",
"lastModified": "2024-11-21T08:33:14.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T00:15:07.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-23 19:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | collaboration_protection | * | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA15CDF-797E-49A0-9643-686EF1B4F5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:windows:x86:*",
"matchCriteriaId": "30FE3885-E51D-44DD-A5D8-0795AE3830BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30BDCB44-B304-4A12-86A0-4849FAB25D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en los productos F-Secure y WithSecure en la que el archivo aerdl.so/aerdl.dll puede entrar en un bucle infinito cuando son desempaquetados archivos PE. Es posible que esto pueda bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28886",
"lastModified": "2024-11-21T06:58:08.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-23T19:15:11.447",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 20:15
Modified
2024-11-21 06:09
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | client_security | - | |
| f-secure | client_security | - | |
| f-secure | linux_security | - | |
| f-secure | business_suite | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:-:*:*:*:premium:*:*:*",
"matchCriteriaId": "D26E8064-BFC3-4542-BEE8-D4660B25347B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:client_security:-:*:*:*:standard:*:*:*",
"matchCriteriaId": "305A8404-8362-4F44-9C77-983C819E7C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:business_suite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F0190-91D5-4E65-88CB-993F1BD2CB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Atlant por la que el componente SAVAPI usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos fuzzed. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio (DoS) del motor Antivirus"
}
],
"id": "CVE-2021-33597",
"lastModified": "2024-11-21T06:09:10.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:09.213",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-01 12:15
Modified
2024-11-21 06:31
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | security_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57C8A204-70F5-449A-AB4F-A33823367B39",
"versionEndExcluding": "2022-02-23_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:mac:*:*",
"matchCriteriaId": "15D28175-A8B5-4B18-8FF2-DE953630DD6B",
"versionEndExcluding": "2022-02-23_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "249DE15A-0756-4969-9228-ACC1BAC42FA5",
"versionEndIncluding": "2022-02-23_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBEF97B2-9C51-4B51-AE1A-363572757604",
"versionEndExcluding": "2022-02-23_01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:security_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59B674-ADF0-49F2-A389-6AB0678C12B1",
"versionEndExcluding": "2022-02-23_01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras son escaneados archivos fuzzed. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en la Denegaci\u00f3n de Servicio del motor Antivirus."
}
],
"id": "CVE-2021-44747",
"lastModified": "2024-11-21T06:31:31.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-01T12:15:07.493",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 05:15
Modified
2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s de un archivo PE32 difuso. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43760",
"lastModified": "2024-11-21T08:24:43.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-22 12:15
Modified
2024-11-21 06:24
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * | |
| f-secure | elements_endpoint_detection_and_response | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el an\u00e1lisis de archivos .pst de MS outlook puede conllevar a una denegaci\u00f3n de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus. Corregido en la actualizaci\u00f3n Capricorn 13-12-2021_07"
}
],
"id": "CVE-2021-40836",
"lastModified": "2024-11-21T06:24:53.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-22T12:15:07.827",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-08 10:15
Modified
2024-11-21 06:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_for_microsoft_365 | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | elements_endpoint_detection_and_response | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_for_microsoft_365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5FAF08-98B4-46C1-890A-958860119ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant por la que el componente del m\u00f3dulo AVPACK usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) del motor Antivirus"
}
],
"id": "CVE-2021-33603",
"lastModified": "2024-11-21T06:09:11.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T10:15:07.817",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-22 16:15
Modified
2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/support/security-advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_collaboration_protection | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aepack.dll puede bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28879",
"lastModified": "2024-11-21T06:58:07.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-22T16:15:08.247",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-23 12:15
Modified
2024-11-21 06:09
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | linux_security | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en todas las versiones de F-Secure Atlant por la que el componente SAVAPI usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos fuzzed. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) del motor Antivirus."
}
],
"id": "CVE-2021-33598",
"lastModified": "2024-11-21T06:09:10.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-23T12:15:10.587",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2021-33598"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n de desempaquetado de aerdl es bloqueada. Esto puede conllevar a un posible bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenado remotamente por un atacante."
}
],
"id": "CVE-2022-28883",
"lastModified": "2024-11-21T06:58:07.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.283",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-26 17:15
Modified
2024-11-21 06:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30BDCB44-B304-4A12-86A0-4849FAB25D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el desempaquetado de archivos UPX puede conllevar a una denegaci\u00f3n de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus"
}
],
"id": "CVE-2021-40833",
"lastModified": "2024-11-21T06:24:52.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-26T17:15:07.903",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}