Search criteria
3 vulnerabilities found for mylittlebackup by mylittletools
FKIE_CVE-2021-39392
Vulnerability from fkie_nvd - Published: 2021-09-15 17:15 - Updated: 2024-11-21 06:19
Severity ?
Summary
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mylittletools | mylittlebackup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mylittletools:mylittlebackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E121CF-A6C4-476F-AC9F-065F6298FD0B",
"versionEndIncluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code."
},
{
"lang": "es",
"value": "La herramienta de administraci\u00f3n de MyLittleBackup versiones hasta 1.7 incluy\u00e9ndola, permite a atacantes remotos ejecutar c\u00f3digo arbitrario porque machineKey est\u00e1 embebida (la misma para todas las instalaciones de los clientes) en web.config, y puede usarse para enviar c\u00f3digo ASP serializado"
}
],
"id": "CVE-2021-39392",
"lastModified": "2024-11-21T06:19:28.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-15T17:15:10.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-39392 (GCVE-0-2021-39392)
Vulnerability from cvelistv5 – Published: 2021-09-15 16:16 – Updated: 2024-08-04 02:06
VLAI?
Summary
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T16:16:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip",
"refsource": "MISC",
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"name": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281",
"refsource": "MISC",
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39392",
"datePublished": "2021-09-15T16:16:09",
"dateReserved": "2021-08-23T00:00:00",
"dateUpdated": "2024-08-04T02:06:42.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39392 (GCVE-0-2021-39392)
Vulnerability from nvd – Published: 2021-09-15 16:16 – Updated: 2024-08-04 02:06
VLAI?
Summary
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T16:16:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers\u0027 installations) in web.config, and can be used to send serialized ASP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip",
"refsource": "MISC",
"url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
},
{
"name": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281",
"refsource": "MISC",
"url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39392",
"datePublished": "2021-09-15T16:16:09",
"dateReserved": "2021-08-23T00:00:00",
"dateUpdated": "2024-08-04T02:06:42.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}