Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for insync_client by druva
CVE-2021-36668 (GCVE-0-2021-36668)
Vulnerability from cvelistv5 – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36668",
"datePublished": "2022-07-11T15:06:57.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36667 (GCVE-0-2021-36667)
Vulnerability from cvelistv5 – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36667",
"datePublished": "2022-07-11T15:06:50.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36666 (GCVE-0-2021-36666)
Vulnerability from cvelistv5 – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36666",
"datePublished": "2022-07-11T15:06:44.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36665 (GCVE-0-2021-36665)
Vulnerability from cvelistv5 – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36665",
"datePublished": "2022-07-11T15:06:35.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:57.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5752 (GCVE-0-2020-5752)
Vulnerability from cvelistv5 – Published: 2020-05-21 14:03 – Updated: 2024-08-04 08:39
VLAI
Summary
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated Path Traversal Vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-34 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157802/Druva… | x_refsource_MISC |
| http://packetstormsecurity.com/files/160404/Druva… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Druva inSync Windows Client |
Affected:
6.6.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Druva inSync Windows Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Path Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T18:06:11.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Druva inSync Windows Client",
"version": {
"version_data": [
{
"version_value": "6.6.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Path Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-34",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"name": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5752",
"datePublished": "2020-05-21T14:03:16.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3999 (GCVE-0-2019-3999)
Vulnerability from cvelistv5 – Published: 2020-02-25 18:15 – Updated: 2024-08-04 19:26
VLAI
Summary
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated OS Command Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-12 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157493/Druva… | x_refsource_MISC |
| http://packetstormsecurity.com/files/157680/Druva… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Druva inSync Windows Client |
Affected:
6.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Druva inSync Windows Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T21:06:23.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Druva inSync Windows Client",
"version": {
"version_data": [
{
"version_value": "6.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-12",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"name": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3999",
"datePublished": "2020-02-25T18:15:03.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36668 (GCVE-0-2021-36668)
Vulnerability from nvd – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36668",
"datePublished": "2022-07-11T15:06:57.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36667 (GCVE-0-2021-36667)
Vulnerability from nvd – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36667",
"datePublished": "2022-07-11T15:06:50.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36666 (GCVE-0-2021-36666)
Vulnerability from nvd – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36666",
"datePublished": "2022-07-11T15:06:44.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36665 (GCVE-0-2021-36665)
Vulnerability from nvd – Published: 2022-07-11 15:06 – Updated: 2024-08-04 01:01
VLAI
Summary
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://druva.com | x_refsource_MISC |
| https://docs.druva.com/Knowledge_Base/Security_Up… | x_refsource_MISC |
| https://imhotepisinvisible.com/druva-lpe/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T16:56:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://druva.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://druva.com",
"refsource": "MISC",
"url": "http://druva.com"
},
{
"name": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before",
"refsource": "MISC",
"url": "https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before"
},
{
"name": "https://imhotepisinvisible.com/druva-lpe/",
"refsource": "MISC",
"url": "https://imhotepisinvisible.com/druva-lpe/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36665",
"datePublished": "2022-07-11T15:06:35.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:57.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5752 (GCVE-0-2020-5752)
Vulnerability from nvd – Published: 2020-05-21 14:03 – Updated: 2024-08-04 08:39
VLAI
Summary
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated Path Traversal Vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-34 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157802/Druva… | x_refsource_MISC |
| http://packetstormsecurity.com/files/160404/Druva… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Druva inSync Windows Client |
Affected:
6.6.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Druva inSync Windows Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Path Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T18:06:11.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Druva inSync Windows Client",
"version": {
"version_data": [
{
"version_value": "6.6.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Path Traversal Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-34",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-34"
},
{
"name": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5752",
"datePublished": "2020-05-21T14:03:16.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3999 (GCVE-0-2019-3999)
Vulnerability from nvd – Published: 2020-02-25 18:15 – Updated: 2024-08-04 19:26
VLAI
Summary
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
Severity
No CVSS data available.
CWE
- Unauthenticated OS Command Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2020-12 | x_refsource_MISC |
| http://packetstormsecurity.com/files/157493/Druva… | x_refsource_MISC |
| http://packetstormsecurity.com/files/157680/Druva… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Druva inSync Windows Client |
Affected:
6.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Druva inSync Windows Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T21:06:23.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Druva inSync Windows Client",
"version": {
"version_data": [
{
"version_value": "6.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-12",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-12"
},
{
"name": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3999",
"datePublished": "2020-02-25T18:15:03.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}