Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by FIWARE

    CVE-2024-42167 (GCVE-0-2024-42167)

    Vulnerability from nvd – Published: 2024-08-12 11:38 – Updated: 2024-08-12 14:20
    VLAI
    Title
    Command Injection in Organisationname
    Summary
    The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    fiware keyrock Affected: 0 , ≤ 8.4 (custom)
        cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyrock",
                "vendor": "fiware",
                "versions": [
                  {
                    "lessThanOrEqual": "8.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T14:02:57.512640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T14:20:39.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock \u0026lt;= 8.4\u0026nbsp;does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."
                }
              ],
              "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock \u003c= 8.4\u00a0does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:38:35.988Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in Organisationname",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42167",
        "datePublished": "2024-08-12T11:38:35.988Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T14:20:39.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42166 (GCVE-0-2024-42166)

    Vulnerability from nvd – Published: 2024-08-12 11:36 – Updated: 2024-08-12 13:46
    VLAI
    Title
    Command Injection in Applicationname
    Summary
    The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    fiware keyrock Affected: 0 , ≤ 8.4 (custom)
        cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyrock",
                "vendor": "fiware",
                "versions": [
                  {
                    "lessThanOrEqual": "8.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:38:25.936495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:46:39.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The function \"generate_app_certificates\" in lib/app_certificates.js of FIWARE Keyrock \u0026lt;= 8.4 does not\u0026nbsp;neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name."
                }
              ],
              "value": "The function \"generate_app_certificates\" in lib/app_certificates.js of FIWARE Keyrock \u003c= 8.4 does not\u00a0neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:36:28.386Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in Applicationname",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42166",
        "datePublished": "2024-08-12T11:36:28.386Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T13:46:39.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42165 (GCVE-0-2024-42165)

    Vulnerability from nvd – Published: 2024-08-12 11:33 – Updated: 2024-08-12 12:23
    VLAI
    Title
    Arbitrary User Activation
    Summary
    Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T12:22:40.705616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T12:23:11.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating activation token in FIWARE Keyrock \u0026lt;= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link."
                }
              ],
              "value": "Insufficiently random values for generating activation token in FIWARE Keyrock \u003c= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-59",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-59 Session Credential Falsification through Prediction"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:33:39.049Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary User Activation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42165",
        "datePublished": "2024-08-12T11:33:39.049Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T12:23:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42164 (GCVE-0-2024-42164)

    Vulnerability from nvd – Published: 2024-08-12 11:27 – Updated: 2024-08-12 13:13
    VLAI
    Title
    Disabling MFA without Authentication
    Summary
    Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:12:57.671150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:13:06.556Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u0026lt;= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link."
                }
              ],
              "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u003c= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:27:17.672Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Disabling MFA without Authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42164",
        "datePublished": "2024-08-12T11:27:17.672Z",
        "dateReserved": "2024-07-29T20:49:58.924Z",
        "dateUpdated": "2024-08-12T13:13:06.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42163 (GCVE-0-2024-42163)

    Vulnerability from nvd – Published: 2024-08-12 11:21 – Updated: 2024-08-12 16:11
    VLAI
    Title
    Password Manipulation
    Summary
    Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T16:10:48.449249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T16:11:16.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u0026lt;= 8.4 allow\u0026nbsp;attackers to take over the account of any user by predicting the token for the password reset link."
                }
              ],
              "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u003c= 8.4 allow\u00a0attackers to take over the account of any user by predicting the token for the password reset link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:21:54.443Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Password Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42163",
        "datePublished": "2024-08-12T11:21:54.443Z",
        "dateReserved": "2024-07-29T20:49:58.924Z",
        "dateUpdated": "2024-08-12T16:11:16.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42167 (GCVE-0-2024-42167)

    Vulnerability from cvelistv5 – Published: 2024-08-12 11:38 – Updated: 2024-08-12 14:20
    VLAI
    Title
    Command Injection in Organisationname
    Summary
    The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    fiware keyrock Affected: 0 , ≤ 8.4 (custom)
        cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyrock",
                "vendor": "fiware",
                "versions": [
                  {
                    "lessThanOrEqual": "8.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T14:02:57.512640Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T14:20:39.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock \u0026lt;= 8.4\u0026nbsp;does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."
                }
              ],
              "value": "The function \"generate_app_certificates\" in controllers/saml2/saml2.js of FIWARE Keyrock \u003c= 8.4\u00a0does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:38:35.988Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in Organisationname",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42167",
        "datePublished": "2024-08-12T11:38:35.988Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T14:20:39.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42166 (GCVE-0-2024-42166)

    Vulnerability from cvelistv5 – Published: 2024-08-12 11:36 – Updated: 2024-08-12 13:46
    VLAI
    Title
    Command Injection in Applicationname
    Summary
    The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    fiware keyrock Affected: 0 , ≤ 8.4 (custom)
        cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fiware:keyrock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "keyrock",
                "vendor": "fiware",
                "versions": [
                  {
                    "lessThanOrEqual": "8.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:38:25.936495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:46:39.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The function \"generate_app_certificates\" in lib/app_certificates.js of FIWARE Keyrock \u0026lt;= 8.4 does not\u0026nbsp;neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name."
                }
              ],
              "value": "The function \"generate_app_certificates\" in lib/app_certificates.js of FIWARE Keyrock \u003c= 8.4 does not\u00a0neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:36:28.386Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection in Applicationname",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42166",
        "datePublished": "2024-08-12T11:36:28.386Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T13:46:39.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42165 (GCVE-0-2024-42165)

    Vulnerability from cvelistv5 – Published: 2024-08-12 11:33 – Updated: 2024-08-12 12:23
    VLAI
    Title
    Arbitrary User Activation
    Summary
    Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-330 - Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T12:22:40.705616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T12:23:11.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating activation token in FIWARE Keyrock \u0026lt;= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link."
                }
              ],
              "value": "Insufficiently random values for generating activation token in FIWARE Keyrock \u003c= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-59",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-59 Session Credential Falsification through Prediction"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-330",
                  "description": "CWE-330 Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:33:39.049Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arbitrary User Activation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42165",
        "datePublished": "2024-08-12T11:33:39.049Z",
        "dateReserved": "2024-07-29T20:49:58.925Z",
        "dateUpdated": "2024-08-12T12:23:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42164 (GCVE-0-2024-42164)

    Vulnerability from cvelistv5 – Published: 2024-08-12 11:27 – Updated: 2024-08-12 13:13
    VLAI
    Title
    Disabling MFA without Authentication
    Summary
    Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:12:57.671150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:13:06.556Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u0026lt;= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link."
                }
              ],
              "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u003c= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:27:17.672Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Disabling MFA without Authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42164",
        "datePublished": "2024-08-12T11:27:17.672Z",
        "dateReserved": "2024-07-29T20:49:58.924Z",
        "dateUpdated": "2024-08-12T13:13:06.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42163 (GCVE-0-2024-42163)

    Vulnerability from cvelistv5 – Published: 2024-08-12 11:21 – Updated: 2024-08-12 16:11
    VLAI
    Title
    Password Manipulation
    Summary
    Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    FIWARE FIWARE Keyrock Affected: 0 , ≤ 8.4 (custom)
    Create a notification for this product.
    Credits
    Wolfgang Hotwagner (Austrian Institute of Technology)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T16:10:48.449249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T16:11:16.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FIWARE Keyrock",
              "vendor": "FIWARE",
              "versions": [
                {
                  "lessThanOrEqual": "8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Hotwagner (Austrian Institute of Technology)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u0026lt;= 8.4 allow\u0026nbsp;attackers to take over the account of any user by predicting the token for the password reset link."
                }
              ],
              "value": "Insufficiently random values for generating password reset token in FIWARE Keyrock \u003c= 8.4 allow\u00a0attackers to take over the account of any user by predicting the token for the password reset link."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-12T11:21:54.443Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Password Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-42163",
        "datePublished": "2024-08-12T11:21:54.443Z",
        "dateReserved": "2024-07-29T20:49:58.924Z",
        "dateUpdated": "2024-08-12T16:11:16.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }