CWE-303
Incorrect Implementation of Authentication Algorithm
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
CVE-2023-29357 (GCVE-0-2023-29357)
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10399.20005 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SharePoint Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29357",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:37:16.342363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29357"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:24.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T00:00:00+00:00",
"value": "CVE-2023-29357 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10399.20005",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10399.20005",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-06-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SharePoint Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:43:52.658Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357"
}
],
"title": "Microsoft SharePoint Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29357",
"datePublished": "2023-06-13T23:26:02.860Z",
"dateReserved": "2023-04-04T22:34:18.384Z",
"dateUpdated": "2025-07-30T01:37:24.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4332 (GCVE-0-2024-4332)
Vulnerability from cvelistv5
Published
2024-06-03 17:38
Modified
2025-08-29 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Tripwire Enterprise |
Version: 9.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:tripwire_enterprise:9.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tripwire_enterprise",
"vendor": "fortra",
"versions": [
{
"status": "affected",
"version": "9.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T03:56:07.398810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T10:00:29.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"API authentication",
"REST API",
"SOAP API"
],
"product": "Tripwire Enterprise",
"vendor": "Fortra",
"versions": [
{
"status": "affected",
"version": "9.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional \"Auto-synchronize LDAP Users, Roles, and Groups\" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.\n\n \n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional \"Auto-synchronize LDAP Users, Roles, and Groups\" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:20:21.394Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"url": "https://www.fortra.com/security/advisory/fi-2024-006"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Tripwire Enterprise 9.1.1 or higher to remediate the vulnerability."
}
],
"value": "Upgrade to Tripwire Enterprise 9.1.1 or higher to remediate the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication in Tripwire Enterprise 9.1.0 APIs",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To mitigate this issue in TE 9.1.0, disable the \"Auto-synchronize LDAP Users, Roles, and Groups\" feature when using LDAP/Active Directory SAML authentication. Be aware that doing so will disable API functionality. To continue using the APIs, configure an alternate login method or upgrade to TE 9.1.1 or higher."
}
],
"value": "To mitigate this issue in TE 9.1.0, disable the \"Auto-synchronize LDAP Users, Roles, and Groups\" feature when using LDAP/Active Directory SAML authentication. Be aware that doing so will disable API functionality. To continue using the APIs, configure an alternate login method or upgrade to TE 9.1.1 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-4332",
"datePublished": "2024-06-03T17:38:54.516Z",
"dateReserved": "2024-04-29T22:31:16.171Z",
"dateUpdated": "2025-08-29T20:20:21.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5658 (GCVE-0-2024-5658)
Vulnerability from cvelistv5
Published
2024-06-06 10:32
Modified
2025-09-03 07:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Born05 | CraftCMS Plugin - Two-Factor Authentication |
Version: 0 < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:born05:craft_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "craft_cms",
"vendor": "born05",
"versions": [
{
"lessThanOrEqual": "3.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T13:23:29.089917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:24:57.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CraftCMS Plugin - Two-Factor Authentication",
"repo": "https://github.com/born05/craft-twofactorauthentication",
"vendor": "Born05",
"versions": [
{
"lessThanOrEqual": "3.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Funder (SBA Research)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Pachmann (SBA Research)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eThe CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:08:56.470Z",
"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"shortName": "sba-research"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
},
{
"tags": [
"product"
],
"url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 3.3.4 or later."
}
],
"value": "Update to version 3.3.4 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"assignerShortName": "sba-research",
"cveId": "CVE-2024-5658",
"datePublished": "2024-06-06T10:32:07.239Z",
"dateReserved": "2024-06-05T16:36:00.494Z",
"dateUpdated": "2025-09-03T07:08:56.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7593 (GCVE-0-2024-7593)
Vulnerability from cvelistv5
Published
2024-08-13 18:17
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_traffic_manager",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2",
"status": "affected",
"version": "22.7r1",
"versionType": "custom"
},
{
"lessThan": "22.2r1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r2",
"versionType": "custom"
},
{
"lessThan": "22.6r2",
"status": "affected",
"version": "22.6r1",
"versionType": "custom"
},
{
"lessThan": "22.5r2",
"status": "affected",
"version": "22.5r1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7593",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:45:24.845483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-24",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:35.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-24T00:00:00+00:00",
"value": "CVE-2024-7593 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "vTM",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "22.2R1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:17:47.248Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-7593",
"datePublished": "2024-08-13T18:17:47.248Z",
"dateReserved": "2024-08-07T17:08:33.645Z",
"dateUpdated": "2025-07-30T01:36:35.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21311 (GCVE-0-2025-21311)
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-09-09 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
Windows NTLM V1 Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server 2025 (Server Core installation) |
Version: 10.0.26100.0 < 10.0.26100.2894 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T20:58:33.270136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:19.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.2894",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1369",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.2894",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.2894",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.2894",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1369",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.2894",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.2894",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows NTLM V1 Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T23:46:55.651Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows NTLM V1 Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311"
}
],
"title": "Windows NTLM V1 Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21311",
"datePublished": "2025-01-14T18:04:50.416Z",
"dateReserved": "2024-12-10T23:54:12.953Z",
"dateUpdated": "2025-09-09T23:46:55.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43856 (GCVE-0-2025-43856)
Vulnerability from cvelistv5
Published
2025-07-11 17:10
Modified
2025-07-11 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow this unpredictable token is generated and somehow saved in the browser session and passed to the identity provider, which will return the state parameter when redirecting the user back to immich. Before the user is logged in that parameter needs to be verified to make sure the login was actively initiated by the user in this browser session. On it's own, this wouldn't be too bad, but when immich uses the /user-settings page as a redirect_uri, it will automatically link the accounts if the user was already logged in. This means that if someone has an immich instance with a public oauth provider (like google), an attacker can - for example - embed a hidden iframe in a webpage or even just send the victim a forged oauth login url with a code that logs the victim into the attackers oauth account and redirects back to immich and links the accounts. After this, the attacker can log into the victims account using their own oauth credentials. This vulnerability is fixed in 1.132.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| immich-app | immich |
Version: < 1.132.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43856",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T18:12:48.333486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:13:00.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "immich",
"vendor": "immich-app",
"versions": [
{
"status": "affected",
"version": "\u003c 1.132.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow this unpredictable token is generated and somehow saved in the browser session and passed to the identity provider, which will return the state parameter when redirecting the user back to immich. Before the user is logged in that parameter needs to be verified to make sure the login was actively initiated by the user in this browser session. On it\u0027s own, this wouldn\u0027t be too bad, but when immich uses the /user-settings page as a redirect_uri, it will automatically link the accounts if the user was already logged in. This means that if someone has an immich instance with a public oauth provider (like google), an attacker can - for example - embed a hidden iframe in a webpage or even just send the victim a forged oauth login url with a code that logs the victim into the attackers oauth account and redirects back to immich and links the accounts. After this, the attacker can log into the victims account using their own oauth credentials. This vulnerability is fixed in 1.132.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:10:52.423Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm"
}
],
"source": {
"advisory": "GHSA-3832-6r8h-9cfm",
"discovery": "UNKNOWN"
},
"title": "immich allows account hijacking through oauth2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-43856",
"datePublished": "2025-07-11T17:10:52.423Z",
"dateReserved": "2025-04-17T20:07:08.555Z",
"dateUpdated": "2025-07-11T18:13:00.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57808 (GCVE-0-2025-57808)
Vulnerability from cvelistv5
Published
2025-09-02 00:26
Modified
2025-09-02 14:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635 | x_refsource_CONFIRM | |
| https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:03:56.354112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T14:03:58.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esphome",
"vendor": "esphome",
"versions": [
{
"status": "affected",
"version": "= 2025.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome\u0027s web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T00:26:09.017Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635"
},
{
"name": "https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5"
}
],
"source": {
"advisory": "GHSA-mxh2-ccgj-8635",
"discovery": "UNKNOWN"
},
"title": "ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57808",
"datePublished": "2025-09-02T00:26:09.017Z",
"dateReserved": "2025-08-20T14:30:35.010Z",
"dateUpdated": "2025-09-02T14:03:58.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-90: Reflection Attack in Authentication Protocol
An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.