Common Weakness Enumeration

CWE-319

Allowed

Cleartext Transmission of Sensitive Information

Abstraction: Base · Status: Draft

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

1147 vulnerabilities reference this CWE, most recent first.

CVE-2024-21406 (GCVE-0-2024-21406)

Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-08 15:40
VLAI
Title
Windows Printing Service Spoofing Vulnerability
Summary
Windows Printing Service Spoofing Vulnerability
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.5458 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.5458 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.5458 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.5458 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.2322 (custom)
Create a notification for this product.
Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.2777 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19043.0 , < 10.0.19044.4046 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.3155 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.4046 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H3 Affected: 10.0.22631.0 , < 10.0.22631.3155 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 23H2 Affected: 10.0.22631.0 , < 10.0.22631.3155 (custom)
Create a notification for this product.
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) Affected: 10.0.25398.0 , < 10.0.25398.709 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.20469 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.6709 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.6709 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.6709 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26961 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26961 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24710 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24710 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.21813 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.21813 (custom)
Create a notification for this product.
Date Public
2024-02-13 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Printing Service Spoofing Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-13T19:24:40.484205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T15:40:28.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2322",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2777",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4046",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3155",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4046",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3155",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3155",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.709",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20469",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6709",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6709",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6709",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26961",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26961",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24710",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24710",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21813",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21813",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.5458",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.5458",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5458",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.5458",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.2322",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2777",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.4046",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.3155",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.4046",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.3155",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.3155",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.709",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20469",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6709",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6709",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6709",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26961",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26961",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24710",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24710",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21813",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21813",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Printing Service Spoofing Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:37:44.793Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Printing Service Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
        }
      ],
      "title": "Windows Printing Service Spoofing Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21406",
    "datePublished": "2024-02-13T18:02:47.978Z",
    "dateReserved": "2023-12-08T22:45:21.299Z",
    "dateUpdated": "2025-05-08T15:40:28.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13872 (GCVE-0-2024-13872)

Vulnerability from cvelistv5 – Published: 2025-03-12 11:47 – Updated: 2025-03-12 14:09 Unsupported When Assigned
VLAI
Title
Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so
Summary
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Bitdefender BOX v1 Affected: 1.3.11.490 , < 1.3.11.505 (custom)
Create a notification for this product.
Date Public
2025-03-01 10:47
Credits
Alan Cao
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:04:03.269492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T14:09:37.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BOX v1",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "1.3.11.505",
              "status": "affected",
              "version": "1.3.11.490",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alan Cao"
        }
      ],
      "datePublic": "2025-03-01T10:47:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eBitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.\u003c/div\u003e"
            }
          ],
          "value": "Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T11:47:46.419Z",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "url": "https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An automatic update to version 1.3.11.505 fixes the issue."
            }
          ],
          "value": "An automatic update to version 1.3.11.505 fixes the issue."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2024-13872",
    "datePublished": "2025-03-12T11:47:46.419Z",
    "dateReserved": "2025-02-13T17:36:46.927Z",
    "dateUpdated": "2025-03-12T14:09:37.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12378 (GCVE-0-2024-12378)

Vulnerability from cvelistv5 – Published: 2025-05-08 19:05 – Updated: 2025-05-08 19:18
VLAI
Title
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
Summary
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Arista Networks CloudVision Portal Affected: 4.32.0 , ≤ 4.32.2F (custom)
Affected: 4.31.0 , ≤ 4.31.6M (custom)
Affected: 4.30.0 , ≤ 4.30.8M (custom)
Affected: 4.29.0 , ≤ 4.29.9M (custom)
Affected: 4.28.0 , ≤ 4.28.12M (custom)
Affected: 4.27.0 , ≤ 4.27.12M (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:16:38.893940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T19:18:27.314Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CloudVision Portal",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "4.32.2F",
              "status": "affected",
              "version": "4.32.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.31.6M",
              "status": "affected",
              "version": "4.31.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.30.8M",
              "status": "affected",
              "version": "4.30.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.29.9M",
              "status": "affected",
              "version": "4.29.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.28.12M",
              "status": "affected",
              "version": "4.28.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.27.12M",
              "status": "affected",
              "version": "4.27.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-12378, the following condition must be met:\u003c/p\u003e\u003cp\u003eSecure Vxlan must be configured.\u003c/p\u003e\u003cp\u003eThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;         Source \u0026nbsp; \u0026nbsp;  Dest \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Status \u0026nbsp;  \u0026nbsp; \u0026nbsp; Uptime \u0026nbsp; \u0026nbsp;  Input  \u0026nbsp; \u0026nbsp;Output \u0026nbsp; \u0026nbsp; Rekey       Time\nvxlansec-default-1.0.2.1 1.0.1.1  \u0026nbsp;  1.0.2.1  \u0026nbsp;  \u003cb\u003eEstablished\u003c/b\u003e\u0026nbsp;    19 minutes  0 bytes  \u0026nbsp;152 bytes             \u0026nbsp;24 minutes\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  \u0026nbsp; 0 pkts \u0026nbsp; \u0026nbsp;2 pkts\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eA normal encrypted connection will show the status as \u201cestablished\u201d.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "In order to be vulnerable to CVE-2024-12378, the following condition must be met:\n\nSecure Vxlan must be configured.\n\nThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\n\nswitch\u003e show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u00a0 \u00a0 \u00a0 \u00a0 \u00a0         Source \u00a0 \u00a0  Dest \u00a0 \u00a0 \u00a0 \u00a0Status \u00a0  \u00a0 \u00a0 Uptime \u00a0 \u00a0  Input  \u00a0 \u00a0Output \u00a0 \u00a0 Rekey       Time\nvxlansec-default-1.0.2.1 1.0.1.1  \u00a0  1.0.2.1  \u00a0  Established\u00a0    19 minutes  0 bytes  \u00a0152 bytes             \u00a024 minutes\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  \u00a0 0 pkts \u00a0 \u00a02 pkts\n\n\n\u00a0\n\nA normal encrypted connection will show the status as \u201cestablished\u201d."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
            }
          ],
          "value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T19:05:22.320Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-12378 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-12378 has been fixed in the following releases:\n\n  *  4.33.0F and later releases in the 4.33.x train\n  *  4.32.3M and later releases in the 4.32.x train\n  *  4.31.7M and later releases in the 4.31.x train\n  *  4.30.9M and later releases in the 4.30.x train\n  *  4.29.10M and later releases in the 4.29.x train"
        }
      ],
      "source": {
        "advisory": "113",
        "defect": [
          "BUG 997526"
        ],
        "discovery": "INTERNAL"
      },
      "title": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe workaround is to remove and re-apply security profiles for each secure VTEP.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show vxlan security profile\nVTEP  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Security Profile\n------------- ----------------\n1.0.2.1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; p1\nswitch\u0026gt; en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "The workaround is to remove and re-apply security profiles for each secure VTEP.\n\nswitch\u003e show vxlan security profile\nVTEP  \u00a0 \u00a0 \u00a0 \u00a0 Security Profile\n------------- ----------------\n1.0.2.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 p1\nswitch\u003e en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-12378",
    "datePublished": "2025-05-08T19:05:22.320Z",
    "dateReserved": "2024-12-09T18:19:27.219Z",
    "dateUpdated": "2025-05-08T19:18:27.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11946 (GCVE-0-2024-11946)

Vulnerability from cvelistv5 – Published: 2024-12-30 20:12 – Updated: 2024-12-30 22:59
VLAI
Title
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
Summary
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
zdi
References
Impacted products
Vendor Product Version
iXsystems TrueNAS CORE Affected: 13.3-RELEASE
Create a notification for this product.
Date Public
2024-12-20 01:15
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T22:58:53.294782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T22:59:36.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TrueNAS CORE",
          "vendor": "iXsystems",
          "versions": [
            {
              "status": "affected",
              "version": "13.3-RELEASE"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-27T23:37:33.541Z",
      "datePublic": "2024-12-20T01:15:47.308Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T20:12:23.839Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1644",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar from Computest Sector 7"
      },
      "title": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11946",
    "datePublished": "2024-12-30T20:12:23.839Z",
    "dateReserved": "2024-11-27T23:37:33.514Z",
    "dateUpdated": "2024-12-30T22:59:36.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10973 (GCVE-0-2024-10973)

Vulnerability from cvelistv5 – Published: 2024-12-17 22:59 – Updated: 2025-11-20 18:12
VLAI
Title
Keycloak: cli option for encrypted jgroups ignored
Summary
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2024-10973 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2324361 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Unaffected: 22.0 , < 23.0 (semver)
Unaffected: 24.0 , < 25.0 (semver)
Unaffected: 26.0.6 , < * (semver)
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
Create a notification for this product.
Date Public
2024-11-07 00:00
Credits
Red Hat would like to thank philliphnguyen for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T16:25:38.326417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T16:26:12.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "23.0",
              "status": "unaffected",
              "version": "22.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0",
              "status": "unaffected",
              "version": "24.0",
              "versionType": "semver"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-quarkus-server",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank philliphnguyen for reporting this issue."
        }
      ],
      "datePublic": "2024-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:12:13.352Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10973"
        },
        {
          "name": "RHBZ#2324361",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324361"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-07T12:09:22.885Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-11-07T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: cli option for encrypted jgroups ignored",
      "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10973",
    "datePublished": "2024-12-17T22:59:38.518Z",
    "dateReserved": "2024-11-07T16:42:52.079Z",
    "dateUpdated": "2025-11-20T18:12:13.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-9834 (GCVE-0-2024-9834)

Vulnerability from cvelistv5 – Published: 2024-11-14 20:57 – Updated: 2024-11-15 15:10
VLAI
Title
Improper data protection on Life2000 ventilator serial interface
Summary
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Baxter Life2000 Ventilation System Affected: 06.08.00.00 and prior
Create a notification for this product.
baxter life2000_ventilator_firmware Affected: 0 , ≤ 06.08.00.00 (custom)
    cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-14 20:43
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "life2000_ventilator_firmware",
            "vendor": "baxter",
            "versions": [
              {
                "lessThanOrEqual": "06.08.00.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9834",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T15:09:40.431805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T15:10:40.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Life2000 Ventilation System",
          "vendor": "Baxter",
          "versions": [
            {
              "status": "affected",
              "version": "06.08.00.00 and prior"
            }
          ]
        }
      ],
      "datePublic": "2024-11-14T20:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
            }
          ],
          "value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-117",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-117 Interception"
            }
          ]
        },
        {
          "capecId": "CAPEC-441",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-441 Malicious Logic Insertion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T21:47:25.133Z",
        "orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
        "shortName": "Baxter"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper data protection on Life2000 ventilator serial interface",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
    "assignerShortName": "Baxter",
    "cveId": "CVE-2024-9834",
    "datePublished": "2024-11-14T20:57:22.734Z",
    "dateReserved": "2024-10-10T19:24:48.834Z",
    "dateUpdated": "2024-11-15T15:10:40.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9620 (GCVE-0-2024-9620)

Vulnerability from cvelistv5 – Published: 2024-10-08 16:25 – Updated: 2025-11-20 20:58
VLAI
Title
Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption
Summary
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2024-9620 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2317129 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 2.4 (semver)
Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
Create a notification for this product.
Date Public
2024-10-08 00:00
Credits
This issue was discovered by Enzo Ferreira (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T17:42:34.191580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T17:43:09.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/ansible/ansible",
          "defaultStatus": "affected",
          "packageName": "event-driven-automation",
          "versions": [
            {
              "lessThan": "2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2"
          ],
          "defaultStatus": "affected",
          "packageName": "event_driven",
          "product": "Red Hat Ansible Automation Platform 2",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Enzo Ferreira (Red Hat)."
        }
      ],
      "datePublic": "2024-10-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T20:58:17.772Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9620"
        },
        {
          "name": "RHBZ#2317129",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317129"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-08T00:49:58.428Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption",
      "x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9620",
    "datePublished": "2024-10-08T16:25:39.944Z",
    "dateReserved": "2024-10-08T00:58:15.815Z",
    "dateUpdated": "2025-11-20T20:58:17.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8059 (GCVE-0-2024-8059)

Vulnerability from cvelistv5 – Published: 2024-09-13 17:27 – Updated: 2024-09-13 17:55
VLAI
Summary
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Lenovo HX5530 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX7530 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo ST250 V3 (ThinkSystem) XCC Affected: 0 , < 3.10 CTX318G (custom)
Create a notification for this product.
Lenovo VX3331 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX Enclosure Certified Node (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo HX1021 Edge Certified Node 3yr (ThinkAgile) XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo HX1320 Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX1321 Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX1331 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX1520-R Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX1521-R Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX2320-E Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX2321 Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX2330 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX2331 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX2720-E Appliance (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo HX3320 Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX3321 Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX3330 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX3331 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX3331 Node SAP HANA (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX3375 Appliance (ThinkAgile) XCC Affected: 0 , < 5.80 D8BT66D (custom)
Create a notification for this product.
Lenovo HX3376 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.80 D8BT66D (custom)
Create a notification for this product.
Lenovo HX3520-G Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX3521-G Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX3720 Appliance (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo HX3721 Certified Node (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo HX5520 Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX5520-C Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX5521 Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX5521-C Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX5531 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX7520 Appliance (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX7521 Certified Node (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo HX7530 Appl for SAP HANA (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX7531 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX7531 Node SAP HANA (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo HX7820 Appliance (ThinkAgile) XCC Affected: 0 , < 3.20 PSI356B (custom)
Create a notification for this product.
Lenovo HX7821 Certified Node (ThinkAgile) XCC Affected: 0 , < 3.20 PSI356B (custom)
Create a notification for this product.
Lenovo MX Edge Appliance - MX1020 (ThinkAgile) XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo MX3330-F All-flash Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3330-H Hybrid Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3331-F All-flash Certified node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3331-H Hybrid Certified node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3530 F All flash Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3530-H Hybrid Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3531 H Hybrid Certified node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo MX3531-F All-flash Certified node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo P920 Rack Workstation (ThinkStation) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SD530 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SD530 V3 (ThinkSystem) XCC Affected: 0 , < 1.20 USX364F (custom)
Create a notification for this product.
Lenovo SD550 V3 (ThinkSystem) XCC Affected: 0 , < 1.20 USX364F (custom)
Create a notification for this product.
Lenovo SD630 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SD650 DWC Dual Node Tray (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SD650 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SD650 V3 (ThinkSystem) XCC Affected: 0 , < 7.10 USX358F (custom)
Create a notification for this product.
Lenovo SD650-N V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SD665 V3 (ThinkSystem) XCC Affected: 0 , < 7.10 QGX344G (custom)
Create a notification for this product.
Lenovo SE350 (ThinkSystem) XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo SE350 V2 (ThinkEdge) XCC Affected: 0 , < 4.10 IYX330J (custom)
Create a notification for this product.
Lenovo SE360 V2 (ThinkEdge) XCC Affected: 0 , < 4.10 IYX330J (custom)
Create a notification for this product.
Lenovo SE450 (ThinkEdge) XCC Affected: 0 , < 4.10 USX360F (custom)
Create a notification for this product.
Lenovo SE455 V3 (ThinkEdge) XCC Affected: 0 , < 4.10 MBX312K (custom)
Create a notification for this product.
Lenovo SN550 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SN550 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SN850 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR150 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR158 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR250 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR250 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SR250 V3 (ThinkSystem) XCC Affected: 0 , < 3.10 CTX318G (custom)
Create a notification for this product.
Lenovo SR258 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR258 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SR258 V3 (ThinkSystem) XCC Affected: 0 , < 3.10 CTX318G (custom)
Create a notification for this product.
Lenovo SR530 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR550 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR570 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR590 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR630 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR630 V2 (ThinkSystem) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo SR630 V3 (ThinkSystem) XCC Affected: 0 , < 5.50 ESX334M (custom)
Create a notification for this product.
Lenovo SR635 V3 (ThinkSystem) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo SR645 (ThinkSystem) XCC Affected: 0 , < 5.80 D8BT66D (custom)
Create a notification for this product.
Lenovo SR645 V3 (ThinkSystem) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo SR650 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo SR650 V2 (ThinkSystem) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo SR650 V3 (ThinkSystem) XCC Affected: 0 , < 5.50 ESX334M (custom)
Create a notification for this product.
Lenovo SR655 V3 (ThinkSystem) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo SR665 (ThinkSystem) XCC Affected: 0 , < 5.80 D8BT66D (custom)
Create a notification for this product.
Lenovo SR665 V3 (ThinkSystem) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo SR670 (ThinkSystem) XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo SR670 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SR675 V3 (ThinkSystem) XCC Affected: 0 , < 7.10 QGX344G (custom)
Create a notification for this product.
Lenovo SR850 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR850 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SR850 V3 (ThinkSystem) XCC Affected: 0 , < 5.10 RSX314G (custom)
Create a notification for this product.
Lenovo SR850P (ThinkSystem) XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo SR860 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo SR860 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo SR860 V3 (ThinkSystem) XCC Affected: 0 , < 5.10 RSX314G (custom)
Create a notification for this product.
Lenovo SR950 (ThinkSystem) XCC Affected: 0 , < 3.20 PSI356B (custom)
Create a notification for this product.
Lenovo SR950 V3 (ThinkSystem) XCC Affected: 0 , < 4.10 EBX310F (custom)
Create a notification for this product.
Lenovo ST250 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo ST250 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo ST258 (ThinkSystem) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo ST258 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo ST258 V3 (ThinkSystem) XCC Affected: 0 , < 3.10 CTX318G (custom)
Create a notification for this product.
Lenovo ST550 (ThinkSystem) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo ST650 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo ST650 V3 (ThinkSystem) XCC Affected: 0 , < 7.10 USX358F (custom)
Create a notification for this product.
Lenovo ST658 V2 (ThinkSystem) XCC Affected: 0 , < 4.12 TGBT52D (custom)
Create a notification for this product.
Lenovo ST658 V3 (ThinkSystem) XCC Affected: 0 , < 7.10 USX358F (custom)
Create a notification for this product.
Lenovo ThinkAgile MX1021 on SE350 XCC Affected: 0 , < 4.12 TEI3E4D (custom)
Create a notification for this product.
Lenovo VX 1SE Certified Node (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo VX 2U4N Certified Node (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo VX 4U Certified Node (ThinkAgile) XCC Affected: 0 , < 3.20 PSI356B (custom)
Create a notification for this product.
Lenovo VX1320 (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo VX2320 (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX2330 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX3320 (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX3330 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX3520-G (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX3530-G Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX3720 (ThinkAgile) XCC Affected: 0 , < 6.40 TEI3F3E (custom)
Create a notification for this product.
Lenovo VX5520 (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX5530 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX635 V3 Integrated System (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX645 V3 Certified Node (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX645 V3 Integrated System (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX655 V3 Certified Node (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX655 V3 Integrated System (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX665 V3 Certified Node (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX665 V3 Integrated System (ThinkAgile) XCC Affected: 0 , < 3.50 KAX334N (custom)
Create a notification for this product.
Lenovo VX7320 N (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX7330 Appliance (Thinkagile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX7520 (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX7520 N (ThinkAgile) XCC Affected: 0 , < 9.98 CDI3B4E (custom)
Create a notification for this product.
Lenovo VX7530 Appliance (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX7531 Certified Node (ThinkAgile) XCC Affected: 0 , < 5.10 AFBT50F (custom)
Create a notification for this product.
Lenovo VX7820 (ThinkAgile) XCC Affected: 0 , < 3.20 PSI356B (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-13T17:55:00.402704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-13T17:55:08.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HX5530 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7530 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST250 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.10 CTX318G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3331 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX Enclosure Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1021 Edge Certified Node 3yr (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1320 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1321 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1331 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1520-R Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX1521-R Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX2320-E Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX2321 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX2330 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX2331 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX2720-E Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3320 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3321 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3330 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3331 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3331 Node SAP HANA (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3375 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.80 D8BT66D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3376 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.80 D8BT66D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3520-G Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3521-G Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3720 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX3721 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX5520 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX5520-C Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX5521 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX5521-C Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX5531 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7520 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7521 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7530 Appl for SAP HANA (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7531 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7531 Node SAP HANA (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7820 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.20 PSI356B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HX7821 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.20 PSI356B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX Edge Appliance - MX1020 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3330-F All-flash Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3330-H Hybrid Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3331-F All-flash Certified node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3331-H Hybrid Certified node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3530 F All flash Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3530-H Hybrid Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3531 H Hybrid Certified node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MX3531-F All-flash Certified node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P920 Rack Workstation (ThinkStation) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD530 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD530 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.20 USX364F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD550 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.20 USX364F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD630 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD650 DWC Dual Node Tray (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD650 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD650 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "7.10 USX358F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD650-N V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SD665 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "7.10 QGX344G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SE350 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SE350 V2 (ThinkEdge) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.10 IYX330J",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SE360 V2 (ThinkEdge) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.10 IYX330J",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SE450 (ThinkEdge) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.10 USX360F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SE455 V3 (ThinkEdge) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.10 MBX312K",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SN550 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SN550 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SN850 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR150 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR158 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR250 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR250 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR250 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.10 CTX318G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR258 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR258 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR258 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.10 CTX318G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR530 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR550 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR570  (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR590 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR630  (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR630 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR630 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.50 ESX334M",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR635 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR645 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.80 D8BT66D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR645 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR650  (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR650 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR650 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.50 ESX334M",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR655 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR665 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.80 D8BT66D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR665 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR670 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR670 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR675 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "7.10 QGX344G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR850 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR850 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR850 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 RSX314G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR850P (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR860 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR860 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR860 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 RSX314G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR950 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.20 PSI356B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SR950 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.10 EBX310F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST250 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST250 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST258 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST258 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST258 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.10 CTX318G",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST550 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST650 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST650 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "7.10 USX358F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST658 V2 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TGBT52D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST658 V3 (ThinkSystem) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "7.10 USX358F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinkAgile MX1021 on SE350 XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "4.12 TEI3E4D",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX 1SE Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX 2U4N Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX 4U Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.20 PSI356B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX1320 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX2320 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX2330 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3320 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3330 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3520-G (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3530-G Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX3720 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "6.40 TEI3F3E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX5520 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX5530 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX635 V3 Integrated System (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX645 V3 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX645 V3 Integrated System (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX655 V3 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX655 V3 Integrated System (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX665 V3 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX665 V3 Integrated System (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.50 KAX334N",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7320 N (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7330 Appliance (Thinkagile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7520 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7520 N (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "9.98 CDI3B4E",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7530 Appliance (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7531 Certified Node (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.10 AFBT50F",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VX7820 (ThinkAgile) XCC",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "3.20 PSI356B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.\u003c/span\u003e"
            }
          ],
          "value": "IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-13T17:27:11.059Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-172051"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-172051\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-172051\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-172051"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2024-8059",
    "datePublished": "2024-09-13T17:27:11.059Z",
    "dateReserved": "2024-08-21T18:21:35.109Z",
    "dateUpdated": "2024-09-13T17:55:08.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8013 (GCVE-0-2024-8013)

Vulnerability from cvelistv5 – Published: 2024-10-28 12:58 – Updated: 2024-10-28 13:39
VLAI
Title
CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
Summary
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc mongocryptd Affected: 5.0 , < 5.0.29 (custom)
Affected: 6.0 , < 6.0.17 (custom)
Affected: 7.0 , < 7.012 (custom)
Affected: 7.3 , < 7.3.4 (custom)
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.4:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.5:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.6:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.7:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.8:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.9:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.10:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.11:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.12:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.13:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.14:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.15:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.16:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.4:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.5:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.6:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.7:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.8:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.9:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.10:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.11:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.4:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.5:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.6:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.7:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.8:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.9:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.10:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.11:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.12:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.13:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.14:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.15:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.16:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.17:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.18:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.19:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.20:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.21:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.22:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.23:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.24:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.25:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.26:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.27:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:5.0.28:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.4:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.5:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.6:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.7:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.8:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.9:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.10:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.11:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.12:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.13:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.14:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.15:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:6.0.16:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.3:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.4:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.5:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.6:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.7:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.8:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.9:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.10:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.0.11:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.3.0:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.3.1:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.3.2:*:*:*:*:mongodb:*:*
    cpe:2.3:a:mongodb:mongocryptd:7.3.3:*:*:*:*:mongodb:*:*
Create a notification for this product.
MongoDB Inc Mongo_crypt_v1.so Affected: 6.0 , < 6.0.17 (custom)
Affected: 7.0 , < 7.0.12 (custom)
Affected: 7.3 , < 7.3.4 (custom)
Create a notification for this product.
Date Public
2024-10-28 12:57
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T13:39:18.972061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T13:39:31.561Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.12:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.13:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.14:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.15:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.16:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.12:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.13:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.14:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.15:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.16:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.17:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.18:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.19:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.20:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.21:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.22:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.23:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.24:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.25:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.26:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.27:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:5.0.28:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.12:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.13:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.14:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.15:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:6.0.16:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.3:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.4:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.5:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.6:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.7:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.8:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.9:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.10:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.0.11:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.3.0:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.3.1:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.3.2:*:*:*:*:mongodb:*:*",
            "cpe:2.3:a:mongodb:mongocryptd:7.3.3:*:*:*:*:mongodb:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "mongocryptd",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "5.0.29",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.17",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.012",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Mongo_crypt_v1.so",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "6.0.17",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.12",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-10-28T12:57:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior t\u003c/span\u003eo 5.0.29, v\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-28T12:58:05.317Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-96254"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2024-8013",
    "datePublished": "2024-10-28T12:58:05.317Z",
    "dateReserved": "2024-08-20T15:39:32.550Z",
    "dateUpdated": "2024-10-28T13:39:31.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7408 (GCVE-0-2024-7408)

Vulnerability from cvelistv5 – Published: 2024-08-09 10:40 – Updated: 2024-08-09 15:14
VLAI
Title
Information Disclosure Vulnerability in Airveda Air Quality Monitor
Summary
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Airveda Air Quality Monitor PM2.5 PM10 Affected: 0 , < 7.4.4.39 (custom)
Create a notification for this product.
Credits
This vulnerability is reported by Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad Campus
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T15:14:02.118389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:14:15.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Air Quality Monitor PM2.5 PM10",
          "vendor": "Airveda",
          "versions": [
            {
              "lessThan": "7.4.4.39",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability is reported by Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad Campus"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\n\nSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-65",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-65 Sniff Application Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T10:40:54.953Z",
        "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "shortName": "CERT-In"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0233"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to patched version 7.4.4.39\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to patched version 7.4.4.39"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure Vulnerability in Airveda Air Quality Monitor",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
    "assignerShortName": "CERT-In",
    "cveId": "CVE-2024-7408",
    "datePublished": "2024-08-09T10:40:54.953Z",
    "dateReserved": "2024-08-02T10:47:10.549Z",
    "dateUpdated": "2024-08-09T15:14:15.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.

Mitigation
Implementation

When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.

Mitigation
Implementation

When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.

Mitigation
Testing

Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Mitigation
Operation

Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.

CAPEC-117: Interception

An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.

CAPEC-383: Harvesting Information via API Event Monitoring

An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.

CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.

CAPEC-65: Sniff Application Code

An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.