
    11 vulnerabilities by Thales

    CVE-2026-3457 (GCVE-0-2026-3457)

    Vulnerability from cvelistv5 – Published: 2026-03-27 09:05 – Updated: 2026-03-27 13:45
    VLAI
    Title
    Stored XSS vulnerability in Sentinel ACC
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects Sentinel LDK Runtime: before 10.22.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales Sentinel LDK Runtime Affected: 0 , < 10.22 (custom)
    Credits
    Josh Dillon

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T13:06:20.772171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T13:45:21.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Sentinel LDK Runtime",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "10.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:thales:sentinel_ldk_runtime:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "10.22",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Josh Dillon"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.\u003cp\u003eThis issue affects Sentinel LDK Runtime: before 10.22.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T09:05:48.226Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=5c18186b478aa950128dca72e36d4391\u0026sysparm_article=KB0027106"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade current Sentinel\nLDK Runtime to version 10.22 or higher."
                }
              ],
              "value": "Upgrade current Sentinel\nLDK Runtime to version 10.22 or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS vulnerability in Sentinel ACC",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2026-3457",
        "datePublished": "2026-03-27T09:05:48.226Z",
        "dateReserved": "2026-03-02T19:33:17.694Z",
        "dateUpdated": "2026-03-27T13:45:21.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0872 (GCVE-0-2026-0872)

    Vulnerability from cvelistv5 – Published: 2026-02-13 08:53 – Updated: 2026-02-13 12:47
    VLAI
    Title
    Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon
    Summary
    Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation. This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Thales SafeNet Agent for Windows Logon Affected: 4.0.0
    Affected: 4.1.1
    Affected: 4.1.2
    Date Public
    2026-02-08 08:52
    Credits
    Huy Kha, Director of Security Research, and the team at Netwrix

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0872",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:47:11.793545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:47:30.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SafeNet Agent for Windows Logon",
              "vendor": "Thales",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.1.1"
                },
                {
                  "status": "affected",
                  "version": "4.1.2"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.0.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.1:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.2:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Huy Kha, Director of Security Research, and the team at Netwrix"
            }
          ],
          "datePublic": "2026-02-08T08:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.\u003cp\u003eThis issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-475",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-475 Signature Spoofing by Improper Validation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T08:53:05.621Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1\u0026id=kb_article_view\u0026sysparm_rank=1\u0026sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b\u0026sysparm_article=KB0030173"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 4.1.3."
                }
              ],
              "value": "Upgrade to version 4.1.3."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2026-0872",
        "datePublished": "2026-02-13T08:53:05.621Z",
        "dateReserved": "2026-01-13T09:32:05.991Z",
        "dateUpdated": "2026-02-13T12:47:30.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5264 (GCVE-0-2024-5264)

    Vulnerability from cvelistv5 – Published: 2024-05-23 08:40 – Updated: 2024-08-01 21:11
    VLAI
    Title
    Network Key Transfer with AES KHT vulnerability in Luna EFT
    Summary
    Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Assigner
    Impacted products
    Vendor Product Version
    Thales Luna EFT Affected: 2.1.0
    thalesgroup luna_eft Affected: 2.1 , ≤ * (custom)
        cpe:2.3:a:thalesgroup:luna_eft:2.1:*:*:*:*:*:*:*
    Credits
    Cory Whitesell, Sr. Security Engineer, Transaction Network Services

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:thalesgroup:luna_eft:2.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "luna_eft",
                "vendor": "thalesgroup",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "2.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T20:41:30.681683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T20:41:33.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:11.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=50da3cd9c302c218204e2a6ce00131b9\u0026sysparm_article=KB0028531"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Network Key Transfer with AES KHT"
              ],
              "platforms": [
                "Appliance"
              ],
              "product": "Luna EFT",
              "vendor": "Thales",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Network Transfer with AES KHT"
                }
              ],
              "value": "Network Transfer with AES KHT"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cory Whitesell, Sr. Security Engineer, Transaction Network Services"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis"
                }
              ],
              "value": "Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 Encryption Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T08:40:56.239Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=50da3cd9c302c218204e2a6ce00131b9\u0026sysparm_article=KB0028531"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Network Key Transfer with AES KHT vulnerability in Luna EFT",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable functionality in the console - see linked bulletin"
                }
              ],
              "value": "Disable functionality in the console - see linked bulletin"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2024-5264",
        "datePublished": "2024-05-23T08:40:56.239Z",
        "dateReserved": "2024-05-23T08:39:05.391Z",
        "dateUpdated": "2024-08-01T21:11:11.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0197 (GCVE-0-2024-0197)

    Vulnerability from cvelistv5 – Published: 2024-02-27 12:48 – Updated: 2024-08-09 15:26
    VLAI
    Title
    Privilege Escalation in Thales SafeNet Sentinel HASP LDK
    Summary
    A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales Sentinel HASP LDK Affected: 0 , < 9.16 (9.16)
    thalesgroup safenet_sentinel_hasp Affected: 0 , < 9.16 (custom)
        cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*
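    thalesgroup safenet_sentinel_ldk Affected: 0 , ≤ 9.16 (custom)
        cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*
    Note: this CISA-ADP range includes 9.16 itself, while the vendor (CNA) range above is < 9.16 and the vendor's stated solution is to upgrade to 9.16; confirm the status of 9.16 against the vendor advisory before treating it as affected.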
    Date Public
    2024-02-15 23:00
    Credits
    Julian Horoszkiewicz (Eviden Red Team)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.thalesgroup.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safenet_sentinel_hasp",
                "vendor": "thalesgroup",
                "versions": [
                  {
                    "lessThan": "9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safenet_sentinel_ldk",
                "vendor": "thalesgroup",
                "versions": [
                  {
                    "lessThanOrEqual": "9.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T17:56:38.989974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T15:26:44.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Sentinel HASP LDK",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "9.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "9.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Julian Horoszkiewicz (Eviden Red Team)"
            }
          ],
          "datePublic": "2024-02-15T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
                }
              ],
              "value": "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T12:48:13.263Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "url": "https://supportportal.thalesgroup.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to Thales Sentinel LDK version 9.16.\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to Thales Sentinel LDK version 9.16.\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation in Thales SafeNet Sentinel HASP LDK",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2024-0197",
        "datePublished": "2024-02-27T12:48:13.263Z",
        "dateReserved": "2024-01-02T15:23:33.572Z",
        "dateUpdated": "2024-08-09T15:26:44.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-7016 (GCVE-0-2023-7016)

    Vulnerability from cvelistv5 – Published: 2024-02-27 10:45 – Updated: 2024-08-15 18:53
    VLAI
    Title
    Privilege Escalation in SafeNet Authentication Client
    Summary
    A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales SafeNet Authentication Client Affected: 0 , < 10.8 (patch 10)
    thalesgroup safenet_authentication_client Affected: 0 , < 10.8 (custom)
        cpe:2.3:a:thalesgroup:safenet_authentication_client:*:*:*:*:*:*:*:*
    Date Public
    2024-02-18 23:00
    Credits
    Kravets Vasiliy, xi-tauw@xi-tauw.info

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:50:07.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.thalesgroup.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:thalesgroup:safenet_authentication_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safenet_authentication_client",
                "vendor": "thalesgroup",
                "versions": [
                  {
                    "lessThan": "10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-27T15:17:31.490247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T18:53:46.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SafeNet Authentication Client",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "10.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch 10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kravets Vasiliy, xi-tauw@xi-tauw.info"
            }
          ],
          "datePublic": "2024-02-18T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access."
                }
              ],
              "value": "A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T10:45:28.333Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "url": "https://supportportal.thalesgroup.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA).\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA).\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation in SafeNet Authentication Client ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2023-7016",
        "datePublished": "2024-02-27T10:45:28.333Z",
        "dateReserved": "2023-12-20T15:48:00.568Z",
        "dateUpdated": "2024-08-15T18:53:46.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5993 (GCVE-0-2023-5993)

    Vulnerability from cvelistv5 – Published: 2024-02-27 10:42 – Updated: 2024-08-08 19:28
    VLAI
    Title
    Privilege Escalation in SafeNet Authentication Client Installer
    Summary
    A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales SafeNet Authentication Client Affected: 0 , < 10.8 (patch 10)
    thalesgroup safenet_authentication_client Affected: 0 , < 10.8 (custom)
        cpe:2.3:a:thalesgroup:safenet_authentication_client:*:*:*:*:*:*:*:*
    Date Public
    2024-02-18 23:00
    Credits
    Kravets Vasiliy, xi-tauw@xi-tauw.info

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:25.122Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.thalesgroup.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:thalesgroup:safenet_authentication_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safenet_authentication_client",
                "vendor": "thalesgroup",
                "versions": [
                  {
                    "lessThan": "10.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-27T15:39:53.382676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T19:28:36.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SafeNet Authentication Client",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "10.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch 10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kravets Vasiliy, xi-tauw@xi-tauw.info"
            }
          ],
          "datePublic": "2024-02-18T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access."
                }
              ],
              "value": "A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-27T10:42:08.287Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "url": "https://supportportal.thalesgroup.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA)."
                }
              ],
              "value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation in SafeNet Authentication Client Installer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2023-5993",
        "datePublished": "2024-02-27T10:42:08.287Z",
        "dateReserved": "2023-11-07T16:29:48.850Z",
        "dateUpdated": "2024-08-08T19:28:36.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2737 (GCVE-0-2023-2737)

    Vulnerability from cvelistv5 – Published: 2023-08-16 15:45 – Updated: 2024-10-01 18:19
    VLAI
    Title
    Improper securing of log directory may allow a denial of service
    Summary
    Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Thales SafeNet Authtentication Service Agent Affected: SafeNet Authentication Service Agent , < 3.6.1 (3.6.0)
    Credits
    Florian Hansemann, https://hansesecure.de

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=08f460ba47bba550c0e42e61e36d432f\u0026sysparm_article=KB0027485"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T18:13:42.811602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T18:19:57.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SafeNet Authtentication Service Agent",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "3.6.1",
                  "status": "affected",
                  "version": "SafeNet Authentication Service Agent ",
                  "versionType": "3.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Florian Hansemann, https://hansesecure.de"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper log permissions in SafeNet Authentication Service\u0026nbsp;Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "Improper log permissions in SafeNet Authentication Service\u00a0Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-16T15:45:29.540Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=08f460ba47bba550c0e42e61e36d432f\u0026sysparm_article=KB0027485"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper securing of log directory may allow a denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2023-2737",
        "datePublished": "2023-08-16T15:45:29.540Z",
        "dateReserved": "2023-05-16T13:48:23.279Z",
        "dateUpdated": "2024-10-01T18:19:57.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1293 (GCVE-0-2022-1293)

    Vulnerability from cvelistv5 – Published: 2022-08-02 15:24 – Updated: 2024-09-16 23:46
    VLAI
    Title
    XSS vulnerability in Citadel
    Summary
    The embedded neutralization of script-related HTML tags was bypassed under certain additional conditions.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    URL Tags
    https://www.ercom.com/security-updates x_refsource_MISC
    Impacted products
    Date Public
    2022-08-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ercom.com/security-updates"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Web Client"
              ],
              "product": "Citadel Web Client",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "7.1.2",
                  "status": "affected",
                  "version": "7.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Macosx"
              ],
              "product": "Citadel Macosx Desktop Client",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "7.1.2",
                  "status": "affected",
                  "version": "7.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "Citadel Windows Desktop Client",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "7.1.2",
                  "status": "affected",
                  "version": "7.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-09T17:56:59.000Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ercom.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 7.1.2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "XSS vulnerability in Citadel",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@thalesgroup.com",
              "DATE_PUBLIC": "2022-08-01T00:00:00.000Z",
              "ID": "CVE-2022-1293",
              "STATE": "PUBLIC",
              "TITLE": "XSS vulnerability in Citadel"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Citadel Web Client",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Web Client",
                                "version_affected": "\u003c",
                                "version_name": "7.1.1",
                                "version_value": "7.1.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Citadel Macosx Desktop Client",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Macosx",
                                "version_affected": "\u003c",
                                "version_name": "7.1.1",
                                "version_value": "7.1.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Citadel Windows Desktop Client",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.1.1",
                                "version_value": "7.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Thales"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ercom.com/security-updates",
                  "refsource": "MISC",
                  "url": "https://www.ercom.com/security-updates"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 7.1.2"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2022-1293",
        "datePublished": "2022-08-02T15:24:27.869Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:46:35.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42810 (GCVE-0-2021-42810)

    Vulnerability from cvelistv5 – Published: 2022-01-19 17:12 – Updated: 2024-09-17 01:41
    VLAI
    Title
    Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escalation to authenticated users
    Summary
    A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
    CWE
    • CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales SafeNet Authentication Service Affected: Remote Desktop Gateway , < 2.0.3 (custom)
    Date Public
    2022-01-19 00:00
    Credits
    Ronnie Salomonsen, Mandiant

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cpl.thalesgroup.com/support/security-updates"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SafeNet Authentication Service",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThan": "2.0.3",
                  "status": "affected",
                  "version": "Remote Desktop Gateway",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ronnie Salomonsen, Mandiant"
            }
          ],
          "datePublic": "2022-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-336",
                  "description": "CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-24T18:48:10.000Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cpl.thalesgroup.com/support/security-updates"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Safenet Authentication Service Remote Desktop Gateway to version 2.0.3 or newer."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@thalesgroup.com",
              "DATE_PUBLIC": "2022-01-19T00:00:00.000Z",
              "ID": "CVE-2021-42810",
              "STATE": "PUBLIC",
              "TITLE": "Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SafeNet Authentication Service",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Remote Desktop Gateway",
                                "version_value": "2.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Thales"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ronnie Salomonsen, Mandiant"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cpl.thalesgroup.com/support/security-updates",
                  "refsource": "MISC",
                  "url": "https://cpl.thalesgroup.com/support/security-updates"
                },
                {
                  "name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md",
                  "refsource": "MISC",
                  "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Safenet Authentication Service Remote Desktop Gateway to version 2.0.3 or newer."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2021-42810",
        "datePublished": "2022-01-19T17:12:02.882Z",
        "dateReserved": "2021-10-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:35.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42808 (GCVE-0-2021-42808)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
    VLAI
    Title
    The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
    Summary
    Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales Sentinel Protection Installer Affected: 7.7.0 , ≤ 7.7.0 (custom)
    Credits
    Intel Corp

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Sentinel Protection Installer",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThanOrEqual": "7.7.0",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Intel Corp"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:19:10.000Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@thalesgroup.com",
              "ID": "CVE-2021-42808",
              "STATE": "PUBLIC",
              "TITLE": "The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel Protection Installer",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "7.7.0",
                                "version_value": "7.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Thales"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Intel Corp"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
                  "refsource": "MISC",
                  "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2021-42808",
        "datePublished": "2021-12-20T20:19:10.000Z",
        "dateReserved": "2021-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42809 (GCVE-0-2021-42809)

    Vulnerability from cvelistv5 – Published: 2021-12-20 20:19 – Updated: 2024-08-04 03:38
    VLAI
    Title
    The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library
    Summary
    Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
    CWE
    • CWE-913 - Improper Control of Dynamically-Managed Code Resources
    Assigner
    References
    Impacted products
    Vendor Product Version
    Thales Sentinel Protection Installer Affected: 7.7.0 , ≤ 7.7.0 (custom)
    Credits
    Intel Corp

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.212Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Sentinel Protection Installer",
              "vendor": "Thales",
              "versions": [
                {
                  "lessThanOrEqual": "7.7.0",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Intel Corp"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-913",
                  "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-20T20:19:09.000Z",
            "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
            "shortName": "THA-PSIRT"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@thalesgroup.com",
              "ID": "CVE-2021-42809",
              "STATE": "PUBLIC",
              "TITLE": "The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel Protection Installer",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "7.7.0",
                                "version_value": "7.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Thales"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Intel Corp"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates",
                  "refsource": "MISC",
                  "url": "https://cpl.thalesgroup.com/fr/software-monetization/security-updates"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Sentinel Protection Installer to version 7.7.1 or newer."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "assignerShortName": "THA-PSIRT",
        "cveId": "CVE-2021-42809",
        "datePublished": "2021-12-20T20:19:09.000Z",
        "dateReserved": "2021-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:38:50.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }