Search criteria
6 vulnerabilities found for meetinghub_paperless_meetings by hamastar
FKIE_CVE-2024-6118
Vulnerability from fkie_nvd - Published: 2024-08-05 05:15 - Updated: 2024-08-30 17:44
Severity ?
Summary
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
References
| URL | Tags | ||
|---|---|---|---|
| ART@zuso.ai | https://zuso.ai/advisory/za-2024-03 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hamastar | meetinghub_paperless_meetings | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "20415191-3043-4513-9DB2-688942E3AA1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de almacenamiento de texto plano de una contrase\u00f1a en la funci\u00f3n ebooknote en Hamastar MeetingHub Paperless Meetings 2021 permite a atacantes remotos obtener las credenciales de otros usuarios y obtener acceso al producto a trav\u00e9s de un archivo XML."
}
],
"id": "CVE-2024-6118",
"lastModified": "2024-08-30T17:44:20.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ART@zuso.ai",
"type": "Secondary"
}
]
},
"published": "2024-08-05T05:15:39.920",
"references": [
{
"source": "ART@zuso.ai",
"tags": [
"Third Party Advisory"
],
"url": "https://zuso.ai/advisory/za-2024-03"
}
],
"sourceIdentifier": "ART@zuso.ai",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "ART@zuso.ai",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-6117
Vulnerability from fkie_nvd - Published: 2024-08-05 05:15 - Updated: 2024-08-30 17:41
Severity ?
Summary
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.
References
| URL | Tags | ||
|---|---|---|---|
| ART@zuso.ai | https://zuso.ai/advisory/za-2024-02 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hamastar | meetinghub_paperless_meetings | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "20415191-3043-4513-9DB2-688942E3AA1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file."
},
{
"lang": "es",
"value": "Una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en la funci\u00f3n de gesti\u00f3n de reuniones en Hamastar MeetingHub Paperless Meetings 2021 permite a usuarios remotos autenticados realizar comandos arbitrarios del sistema a trav\u00e9s de un archivo ASP manipulado."
}
],
"id": "CVE-2024-6117",
"lastModified": "2024-08-30T17:41:50.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ART@zuso.ai",
"type": "Secondary"
}
]
},
"published": "2024-08-05T05:15:39.760",
"references": [
{
"source": "ART@zuso.ai",
"tags": [
"Third Party Advisory"
],
"url": "https://zuso.ai/advisory/za-2024-02"
}
],
"sourceIdentifier": "ART@zuso.ai",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ART@zuso.ai",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-6118 (GCVE-0-2024-6118)
Vulnerability from cvelistv5 – Published: 2024-08-05 04:21 – Updated: 2024-08-05 14:34
VLAI?
Summary
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hamastar Technology | MeetingHub Paperless Meetings |
Affected:
2021
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meetinghub_paperless_meetings",
"vendor": "hamastar",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:33:06.565028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:34:57.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MeetingHub Paperless Meetings",
"vendor": "Hamastar Technology",
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file.\u003c/span\u003e"
}
],
"value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:23.711Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-03"
}
],
"source": {
"defect": [
"ZA-2024-03"
],
"discovery": "EXTERNAL"
},
"title": "Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-6118",
"datePublished": "2024-08-05T04:21:23.711Z",
"dateReserved": "2024-06-18T06:34:22.212Z",
"dateUpdated": "2024-08-05T14:34:57.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6117 (GCVE-0-2024-6117)
Vulnerability from cvelistv5 – Published: 2024-08-05 04:20 – Updated: 2024-08-05 14:45
VLAI?
Summary
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hamastar Technology | MeetingHub Paperless Meetings |
Affected:
2021
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meetinghub_paperless_meetings",
"vendor": "hamastar",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:42:51.017241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:45:28.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MeetingHub Paperless Meetings",
"vendor": "Hamastar Technology",
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.\u003c/span\u003e"
}
],
"value": "A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:20:36.092Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-02"
}
],
"source": {
"defect": [
"ZA-2024-02"
],
"discovery": "EXTERNAL"
},
"title": "Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-6117",
"datePublished": "2024-08-05T04:20:36.092Z",
"dateReserved": "2024-06-18T06:34:20.955Z",
"dateUpdated": "2024-08-05T14:45:28.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6118 (GCVE-0-2024-6118)
Vulnerability from nvd – Published: 2024-08-05 04:21 – Updated: 2024-08-05 14:34
VLAI?
Summary
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hamastar Technology | MeetingHub Paperless Meetings |
Affected:
2021
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meetinghub_paperless_meetings",
"vendor": "hamastar",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:33:06.565028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:34:57.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MeetingHub Paperless Meetings",
"vendor": "Hamastar Technology",
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file.\u003c/span\u003e"
}
],
"value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:23.711Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-03"
}
],
"source": {
"defect": [
"ZA-2024-03"
],
"discovery": "EXTERNAL"
},
"title": "Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-6118",
"datePublished": "2024-08-05T04:21:23.711Z",
"dateReserved": "2024-06-18T06:34:22.212Z",
"dateUpdated": "2024-08-05T14:34:57.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6117 (GCVE-0-2024-6117)
Vulnerability from nvd – Published: 2024-08-05 04:20 – Updated: 2024-08-05 14:45
VLAI?
Summary
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hamastar Technology | MeetingHub Paperless Meetings |
Affected:
2021
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meetinghub_paperless_meetings",
"vendor": "hamastar",
"versions": [
{
"status": "affected",
"version": "2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:42:51.017241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T14:45:28.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MeetingHub Paperless Meetings",
"vendor": "Hamastar Technology",
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-05T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.\u003c/span\u003e"
}
],
"value": "A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T04:20:36.092Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://zuso.ai/advisory/za-2024-02"
}
],
"source": {
"defect": [
"ZA-2024-02"
],
"discovery": "EXTERNAL"
},
"title": "Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2024-6117",
"datePublished": "2024-08-05T04:20:36.092Z",
"dateReserved": "2024-06-18T06:34:20.955Z",
"dateUpdated": "2024-08-05T14:45:28.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}