2 vulnerabilities by armorx
CVE-2024-4303 (GCVE-0-2024-4303)
Vulnerability from cvelistv5 – Published: 2024-04-29 05:56 – Updated: 2024-08-01 20:33
Title
ArmorX Android APP - MFA Bypass
Summary
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7781-ef309-1.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ArmorX | ArmorX APP | Affected: earlier, ≤ 1.5.2 (custom) | |
| armorx | android_app | Affected: - `cpe:2.3:a:armorx:android_app:-:*:*:*:*:*:*:*` | |
Date Public
2024-04-29 05:51
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:armorx:android_app:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android_app",
"vendor": "armorx",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T14:34:00.460543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:11.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7781-ef309-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "ArmorX APP",
"vendor": "ArmorX ",
"versions": [
{
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-04-29T05:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ArmorX Android APP\u0027s multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP."
}
],
"value": "ArmorX Android APP\u0027s multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T05:56:42.761Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7781-ef309-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v.1.5.3 or later version (release on 20230919)"
}
],
"value": "Update to v.1.5.3 or later version (release on 20230919)"
}
],
"source": {
"advisory": "\tTVN-202404014",
"discovery": "EXTERNAL"
},
"title": " ArmorX Android APP - MFA Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-4303",
"datePublished": "2024-04-29T05:56:42.761Z",
"dateReserved": "2024-04-29T03:23:16.491Z",
"dateUpdated": "2024-08-01T20:33:53.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3922 (GCVE-0-2020-3922)
Vulnerability from cvelistv5 – Published: 2020-03-18 06:40 – Updated: 2024-09-17 00:02
Title
ArmorX LisoMail - SQL Injection
Summary
LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation.
Severity
9.8 (Critical)
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gist.github.com/tonykuo76/50350af9b77eb51… | x_refsource_MISC |
| https://www.chtsecurity.com/news/2fd99e6e-819f-42… | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html | x_refsource_MISC |
Date Public
2020-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/2fd99e6e-819f-42b4-a7fe-6bc7eeae155c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LisoMail",
"vendor": "ArmorX",
"versions": [
{
"lessThan": "2017",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T06:40:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/2fd99e6e-819f-42b4-a7fe-6bc7eeae155c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Install the latest patch provided by the vendor."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ArmorX LisoMail - SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-18T07:00:00.000Z",
"ID": "CVE-2020-3922",
"STATE": "PUBLIC",
"TITLE": "ArmorX LisoMail - SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LisoMail",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "2017"
}
]
}
}
]
},
"vendor_name": "ArmorX"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2",
"refsource": "MISC",
"url": "https://gist.github.com/tonykuo76/50350af9b77eb51f5ab55964a35f47f2"
},
{
"name": "https://www.chtsecurity.com/news/2fd99e6e-819f-42b4-a7fe-6bc7eeae155c",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/2fd99e6e-819f-42b4-a7fe-6bc7eeae155c"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3437-17241-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Install the latest patch provided by the vendor."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3922",
"datePublished": "2020-03-18T06:40:15.213Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:24.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}