CWE-319
AllowedCleartext Transmission of Sensitive Information
Abstraction: Base · Status: Draft
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
1147 vulnerabilities reference this CWE, most recent first.
CVE-2024-21406 (GCVE-0-2024-21406)
Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-08 15:40- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.5458
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.0 , < 10.0.17763.5458
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.5458
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.5458
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.2322
(custom)
|
|
| Microsoft | Windows 11 version 21H2 |
Affected:
10.0.0 , < 10.0.22000.2777
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19043.0 , < 10.0.19044.4046
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.3155
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.4046
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.3155
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.3155
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.709
(custom)
|
|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20469
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.6709
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.6709
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.6709
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.26961
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.26961
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.24710
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.24710
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.21813
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.21813
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Windows Printing Service Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T19:24:40.484205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:40:28.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5458",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5458",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5458",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.5458",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2322",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2777",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.4046",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.3155",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.4046",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3155",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.3155",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.709",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20469",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6709",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6709",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.6709",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26961",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26961",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24710",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24710",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21813",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.21813",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5458",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5458",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2322",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2777",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4046",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3155",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4046",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3155",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3155",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.709",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20469",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6709",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26961",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26961",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24710",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24710",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21813",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.21813",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows Printing Service Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:44.793Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Printing Service Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
}
],
"title": "Windows Printing Service Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21406",
"datePublished": "2024-02-13T18:02:47.978Z",
"dateReserved": "2023-12-08T22:45:21.299Z",
"dateUpdated": "2025-05-08T15:40:28.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13872 (GCVE-0-2024-13872)
Vulnerability from cvelistv5 – Published: 2025-03-12 11:47 – Updated: 2025-03-12 14:09 Unsupported When Assigned- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Bitdefender | BOX v1 |
Affected:
1.3.11.490 , < 1.3.11.505
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:04:03.269492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:09:37.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BOX v1",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "1.3.11.505",
"status": "affected",
"version": "1.3.11.490",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alan Cao"
}
],
"datePublic": "2025-03-01T10:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eBitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.\u003c/div\u003e"
}
],
"value": "Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T11:47:46.419Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic update to version 1.3.11.505 fixes the issue."
}
],
"value": "An automatic update to version 1.3.11.505 fixes the issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2024-13872",
"datePublished": "2025-03-12T11:47:46.419Z",
"dateReserved": "2025-02-13T17:36:46.927Z",
"dateUpdated": "2025-03-12T14:09:37.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12378 (GCVE-0-2024-12378)
Vulnerability from cvelistv5 – Published: 2025-05-08 19:05 – Updated: 2025-05-08 19:18- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | CloudVision Portal |
Affected:
4.32.0 , ≤ 4.32.2F
(custom)
Affected: 4.31.0 , ≤ 4.31.6M (custom) Affected: 4.30.0 , ≤ 4.30.8M (custom) Affected: 4.29.0 , ≤ 4.29.9M (custom) Affected: 4.28.0 , ≤ 4.28.12M (custom) Affected: 4.27.0 , ≤ 4.27.12M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:16:38.893940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:18:27.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.12M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-12378, the following condition must be met:\u003c/p\u003e\u003cp\u003eSecure Vxlan must be configured.\u003c/p\u003e\u003cp\u003eThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; Dest \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Uptime \u0026nbsp; \u0026nbsp; Input \u0026nbsp; \u0026nbsp;Output \u0026nbsp; \u0026nbsp; Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u0026nbsp; 1.0.2.1 \u0026nbsp; \u003cb\u003eEstablished\u003c/b\u003e\u0026nbsp; 19 minutes 0 bytes \u0026nbsp;152 bytes \u0026nbsp;24 minutes\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 pkts \u0026nbsp; \u0026nbsp;2 pkts\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eA normal encrypted connection will show the status as \u201cestablished\u201d.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-12378, the following condition must be met:\n\nSecure Vxlan must be configured.\n\nThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\n\nswitch\u003e show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 Dest \u00a0 \u00a0 \u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 Uptime \u00a0 \u00a0 Input \u00a0 \u00a0Output \u00a0 \u00a0 Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u00a0 1.0.2.1 \u00a0 Established\u00a0 19 minutes 0 bytes \u00a0152 bytes \u00a024 minutes\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0 pkts \u00a0 \u00a02 pkts\n\n\n\u00a0\n\nA normal encrypted connection will show the status as \u201cestablished\u201d."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:05:22.320Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-12378 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-12378 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.30.9M and later releases in the 4.30.x train\n * 4.29.10M and later releases in the 4.29.x train"
}
],
"source": {
"advisory": "113",
"defect": [
"BUG 997526"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to remove and re-apply security profiles for each secure VTEP.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show vxlan security profile\nVTEP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Security Profile\n------------- ----------------\n1.0.2.1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; p1\nswitch\u0026gt; en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to remove and re-apply security profiles for each secure VTEP.\n\nswitch\u003e show vxlan security profile\nVTEP \u00a0 \u00a0 \u00a0 \u00a0 Security Profile\n------------- ----------------\n1.0.2.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 p1\nswitch\u003e en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-12378",
"datePublished": "2025-05-08T19:05:22.320Z",
"dateReserved": "2024-12-09T18:19:27.219Z",
"dateUpdated": "2025-05-08T19:18:27.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11946 (GCVE-0-2024-11946)
Vulnerability from cvelistv5 – Published: 2024-12-30 20:12 – Updated: 2024-12-30 22:59- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.truenas.com/docs/core/13.0/gettingsta… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| iXsystems | TrueNAS CORE |
Affected:
13.3-RELEASE
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T22:58:53.294782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T22:59:36.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TrueNAS CORE",
"vendor": "iXsystems",
"versions": [
{
"status": "affected",
"version": "13.3-RELEASE"
}
]
}
],
"dateAssigned": "2024-11-27T23:37:33.541Z",
"datePublic": "2024-12-20T01:15:47.308Z",
"descriptions": [
{
"lang": "en",
"value": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T20:12:23.839Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1644",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
}
],
"source": {
"lang": "en",
"value": "Daan Keuper, Thijs Alkemade and Khaled Nassar from Computest Sector 7"
},
"title": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11946",
"datePublished": "2024-12-30T20:12:23.839Z",
"dateReserved": "2024-11-27T23:37:33.514Z",
"dateUpdated": "2024-12-30T22:59:36.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10973 (GCVE-0-2024-10973)
Vulnerability from cvelistv5 – Published: 2024-12-17 22:59 – Updated: 2025-11-20 18:12- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-10973 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2324361 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
|
Unaffected:
22.0 , < 23.0
(semver)
Unaffected: 24.0 , < 25.0 (semver) Unaffected: 26.0.6 , < * (semver) |
|||
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T16:25:38.326417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T16:26:12.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keycloak/keycloak",
"defaultStatus": "affected",
"packageName": "keycloak",
"versions": [
{
"lessThan": "23.0",
"status": "unaffected",
"version": "22.0",
"versionType": "semver"
},
{
"lessThan": "25.0",
"status": "unaffected",
"version": "24.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "26.0.6",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "unaffected",
"packageName": "org.keycloak/keycloak-quarkus-server",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "org.keycloak/keycloak-quarkus-server",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "org.keycloak/keycloak-quarkus-server",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank philliphnguyen for reporting this issue."
}
],
"datePublic": "2024-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:12:13.352Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10973"
},
{
"name": "RHBZ#2324361",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324361"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-07T12:09:22.885Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-07T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak: cli option for encrypted jgroups ignored",
"x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-10973",
"datePublished": "2024-12-17T22:59:38.518Z",
"dateReserved": "2024-11-07T16:42:52.079Z",
"dateUpdated": "2025-11-20T18:12:13.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9834 (GCVE-0-2024-9834)
Vulnerability from cvelistv5 – Published: 2024-11-14 20:57 – Updated: 2024-11-15 15:10- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Baxter | Life2000 Ventilation System |
Affected:
06.08.00.00 and prior
|
|
| baxter | life2000_ventilator_firmware |
Affected:
0 , ≤ 06.08.00.00
(custom)
cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:09:40.431805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:10:40.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T20:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
}
],
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:47:25.133Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper data protection on Life2000 ventilator serial interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-9834",
"datePublished": "2024-11-14T20:57:22.734Z",
"dateReserved": "2024-10-10T19:24:48.834Z",
"dateUpdated": "2024-11-15T15:10:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9620 (GCVE-0-2024-9620)
Vulnerability from cvelistv5 – Published: 2024-10-08 16:25 – Updated: 2025-11-20 20:58- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9620 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317129 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 2.4
(semver)
|
|||
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:42:34.191580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:43:09.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "affected",
"packageName": "event-driven-automation",
"versions": [
{
"lessThan": "2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "event_driven",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Enzo Ferreira (Red Hat)."
}
],
"datePublic": "2024-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:58:17.772Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-9620"
},
{
"name": "RHBZ#2317129",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317129"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-08T00:49:58.428Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-08T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption",
"x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-9620",
"datePublished": "2024-10-08T16:25:39.944Z",
"dateReserved": "2024-10-08T00:58:15.815Z",
"dateUpdated": "2025-11-20T20:58:17.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8059 (GCVE-0-2024-8059)
Vulnerability from cvelistv5 – Published: 2024-09-13 17:27 – Updated: 2024-09-13 17:55- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | HX5530 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX7530 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | ST250 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.10 CTX318G
(custom)
|
|
| Lenovo | VX3331 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX Enclosure Certified Node (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | HX1021 Edge Certified Node 3yr (ThinkAgile) XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | HX1320 Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX1321 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX1331 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX1520-R Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX1521-R Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX2320-E Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX2321 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX2330 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX2331 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX2720-E Appliance (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | HX3320 Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX3321 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX3330 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX3331 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX3331 Node SAP HANA (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX3375 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.80 D8BT66D
(custom)
|
|
| Lenovo | HX3376 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.80 D8BT66D
(custom)
|
|
| Lenovo | HX3520-G Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX3521-G Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX3720 Appliance (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | HX3721 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | HX5520 Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX5520-C Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX5521 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX5521-C Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX5531 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX7520 Appliance (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX7521 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | HX7530 Appl for SAP HANA (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX7531 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX7531 Node SAP HANA (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | HX7820 Appliance (ThinkAgile) XCC |
Affected:
0 , < 3.20 PSI356B
(custom)
|
|
| Lenovo | HX7821 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 3.20 PSI356B
(custom)
|
|
| Lenovo | MX Edge Appliance - MX1020 (ThinkAgile) XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | MX3330-F All-flash Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3330-H Hybrid Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3331-F All-flash Certified node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3331-H Hybrid Certified node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3530 F All flash Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3530-H Hybrid Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3531 H Hybrid Certified node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | MX3531-F All-flash Certified node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | P920 Rack Workstation (ThinkStation) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SD530 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SD530 V3 (ThinkSystem) XCC |
Affected:
0 , < 1.20 USX364F
(custom)
|
|
| Lenovo | SD550 V3 (ThinkSystem) XCC |
Affected:
0 , < 1.20 USX364F
(custom)
|
|
| Lenovo | SD630 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SD650 DWC Dual Node Tray (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SD650 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SD650 V3 (ThinkSystem) XCC |
Affected:
0 , < 7.10 USX358F
(custom)
|
|
| Lenovo | SD650-N V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SD665 V3 (ThinkSystem) XCC |
Affected:
0 , < 7.10 QGX344G
(custom)
|
|
| Lenovo | SE350 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | SE350 V2 (ThinkEdge) XCC |
Affected:
0 , < 4.10 IYX330J
(custom)
|
|
| Lenovo | SE360 V2 (ThinkEdge) XCC |
Affected:
0 , < 4.10 IYX330J
(custom)
|
|
| Lenovo | SE450 (ThinkEdge) XCC |
Affected:
0 , < 4.10 USX360F
(custom)
|
|
| Lenovo | SE455 V3 (ThinkEdge) XCC |
Affected:
0 , < 4.10 MBX312K
(custom)
|
|
| Lenovo | SN550 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SN550 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SN850 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR150 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR158 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR250 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR250 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SR250 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.10 CTX318G
(custom)
|
|
| Lenovo | SR258 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR258 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SR258 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.10 CTX318G
(custom)
|
|
| Lenovo | SR530 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR550 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR570 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR590 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR630 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR630 V2 (ThinkSystem) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | SR630 V3 (ThinkSystem) XCC |
Affected:
0 , < 5.50 ESX334M
(custom)
|
|
| Lenovo | SR635 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | SR645 (ThinkSystem) XCC |
Affected:
0 , < 5.80 D8BT66D
(custom)
|
|
| Lenovo | SR645 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | SR650 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | SR650 V2 (ThinkSystem) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | SR650 V3 (ThinkSystem) XCC |
Affected:
0 , < 5.50 ESX334M
(custom)
|
|
| Lenovo | SR655 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | SR665 (ThinkSystem) XCC |
Affected:
0 , < 5.80 D8BT66D
(custom)
|
|
| Lenovo | SR665 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | SR670 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | SR670 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SR675 V3 (ThinkSystem) XCC |
Affected:
0 , < 7.10 QGX344G
(custom)
|
|
| Lenovo | SR850 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR850 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SR850 V3 (ThinkSystem) XCC |
Affected:
0 , < 5.10 RSX314G
(custom)
|
|
| Lenovo | SR850P (ThinkSystem) XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | SR860 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | SR860 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | SR860 V3 (ThinkSystem) XCC |
Affected:
0 , < 5.10 RSX314G
(custom)
|
|
| Lenovo | SR950 (ThinkSystem) XCC |
Affected:
0 , < 3.20 PSI356B
(custom)
|
|
| Lenovo | SR950 V3 (ThinkSystem) XCC |
Affected:
0 , < 4.10 EBX310F
(custom)
|
|
| Lenovo | ST250 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | ST250 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | ST258 (ThinkSystem) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | ST258 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | ST258 V3 (ThinkSystem) XCC |
Affected:
0 , < 3.10 CTX318G
(custom)
|
|
| Lenovo | ST550 (ThinkSystem) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | ST650 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | ST650 V3 (ThinkSystem) XCC |
Affected:
0 , < 7.10 USX358F
(custom)
|
|
| Lenovo | ST658 V2 (ThinkSystem) XCC |
Affected:
0 , < 4.12 TGBT52D
(custom)
|
|
| Lenovo | ST658 V3 (ThinkSystem) XCC |
Affected:
0 , < 7.10 USX358F
(custom)
|
|
| Lenovo | ThinkAgile MX1021 on SE350 XCC |
Affected:
0 , < 4.12 TEI3E4D
(custom)
|
|
| Lenovo | VX 1SE Certified Node (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | VX 2U4N Certified Node (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | VX 4U Certified Node (ThinkAgile) XCC |
Affected:
0 , < 3.20 PSI356B
(custom)
|
|
| Lenovo | VX1320 (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | VX2320 (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX2330 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX3320 (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX3330 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX3520-G (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX3530-G Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX3720 (ThinkAgile) XCC |
Affected:
0 , < 6.40 TEI3F3E
(custom)
|
|
| Lenovo | VX5520 (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX5530 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX635 V3 Integrated System (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX645 V3 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX645 V3 Integrated System (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX655 V3 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX655 V3 Integrated System (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX665 V3 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX665 V3 Integrated System (ThinkAgile) XCC |
Affected:
0 , < 3.50 KAX334N
(custom)
|
|
| Lenovo | VX7320 N (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX7330 Appliance (Thinkagile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX7520 (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX7520 N (ThinkAgile) XCC |
Affected:
0 , < 9.98 CDI3B4E
(custom)
|
|
| Lenovo | VX7530 Appliance (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX7531 Certified Node (ThinkAgile) XCC |
Affected:
0 , < 5.10 AFBT50F
(custom)
|
|
| Lenovo | VX7820 (ThinkAgile) XCC |
Affected:
0 , < 3.20 PSI356B
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:55:00.402704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:55:08.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HX5530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX Enclosure Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1021 Edge Certified Node 3yr (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1320 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1520-R Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1521-R Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2320-E Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2720-E Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3320 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3331 Node SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3375 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3376 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3520-G Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3521-G Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3720 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3721 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5520 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5520-C Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5521 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5521-C Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7520 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7521 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7530 Appl for SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7531 Node SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7820 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7821 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX Edge Appliance - MX1020 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3330-F All-flash Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3330-H Hybrid Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3331-F All-flash Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3331-H Hybrid Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3530 F All flash Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3530-H Hybrid Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3531 H Hybrid Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3531-F All-flash Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P920 Rack Workstation (ThinkStation) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD530 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD530 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.20 USX364F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD550 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.20 USX364F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD630 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 DWC Dual Node Tray (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650-N V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD665 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 QGX344G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE350 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE350 V2 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 IYX330J",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE360 V2 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 IYX330J",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE450 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 USX360F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE455 V3 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 MBX312K",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN550 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN850 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR150 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR158 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR530 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR570 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR590 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.50 ESX334M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR635 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR645 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR645 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.50 ESX334M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR655 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR665 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR665 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR670 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR670 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR675 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 QGX344G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 RSX314G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850P (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 RSX314G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR950 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR950 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 EBX310F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST658 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST658 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkAgile MX1021 on SE350 XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 1SE Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 2U4N Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 4U Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX1320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX2320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX2330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3520-G (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3530-G Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3720 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX5520 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX5530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX635 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX645 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX645 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX655 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX655 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX665 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX665 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7320 N (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7330 Appliance (Thinkagile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7520 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7520 N (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7820 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.\u003c/span\u003e"
}
],
"value": "IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:27:11.059Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-172051"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-172051\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-172051\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-172051"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-8059",
"datePublished": "2024-09-13T17:27:11.059Z",
"dateReserved": "2024-08-21T18:21:35.109Z",
"dateUpdated": "2024-09-13T17:55:08.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8013 (GCVE-0-2024-8013)
Vulnerability from cvelistv5 – Published: 2024-10-28 12:58 – Updated: 2024-10-28 13:39- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc | mongocryptd |
Affected:
5.0 , < 5.0.29
(custom)
Affected: 6.0 , < 6.0.17 (custom) Affected: 7.0 , < 7.012 (custom) Affected: 7.3 , < 7.3.4 (custom) cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.4:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.5:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.6:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.7:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.8:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.9:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.10:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.11:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.12:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.13:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.14:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.15:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.16:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.4:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.5:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.6:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.7:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.8:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.9:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.10:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.11:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.4:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.5:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.6:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.7:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.8:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.9:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.10:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.11:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.12:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.13:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.14:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.15:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.16:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.17:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.18:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.19:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.20:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.21:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.22:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.23:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.24:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.25:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.26:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.27:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:5.0.28:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.4:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.5:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.6:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.7:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.8:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.9:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.10:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.11:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.12:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.13:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.14:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.15:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:6.0.16:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.3:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.4:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.5:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.6:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.7:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.8:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.9:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.10:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.0.11:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.3.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:mongocryptd:7.3.3:*:*:*:*:mongodb:*:* |
|
| MongoDB Inc | Mongo_crypt_v1.so |
Affected:
6.0 , < 6.0.17
(custom)
Affected: 7.0 , < 7.0.12 (custom) Affected: 7.3 , < 7.3.4 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:39:18.972061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:39:31.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.4:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.5:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.6:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.7:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.8:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.9:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.10:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.11:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.12:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.13:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.14:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.15:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:6.0.16:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.4:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.5:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.6:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.7:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.8:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.9:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.10:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.0.11:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongo_crypt_v1.so:7.3.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.4:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.5:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.6:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.7:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.8:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.9:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.10:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.11:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.12:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.13:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.14:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.15:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.16:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.17:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.18:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.19:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.20:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.21:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.22:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.23:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.24:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.25:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.26:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.27:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:5.0.28:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.4:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.5:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.6:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.7:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.8:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.9:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.10:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.11:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.12:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.13:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.14:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.15:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:6.0.16:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.3:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.4:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.5:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.6:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.7:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.8:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.9:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.10:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.0.11:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.3.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:mongocryptd:7.3.3:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "mongocryptd",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "5.0.29",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "6.0.17",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "7.012",
"status": "affected",
"version": "7.0",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mongo_crypt_v1.so",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "6.0.17",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-28T12:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior t\u003c/span\u003eo 5.0.29, v\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T12:58:05.317Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-96254"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-8013",
"datePublished": "2024-10-28T12:58:05.317Z",
"dateReserved": "2024-08-20T15:39:32.550Z",
"dateUpdated": "2024-10-28T13:39:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7408 (GCVE-0-2024-7408)
Vulnerability from cvelistv5 – Published: 2024-08-09 10:40 – Updated: 2024-08-09 15:14- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Airveda | Air Quality Monitor PM2.5 PM10 |
Affected:
0 , < 7.4.4.39
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:14:02.118389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:14:15.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Air Quality Monitor PM2.5 PM10",
"vendor": "Airveda",
"versions": [
{
"lessThan": "7.4.4.39",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad Campus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\n\nSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-65",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-65 Sniff Application Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T10:40:54.953Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0233"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to patched version 7.4.4.39\u003cbr\u003e"
}
],
"value": "Upgrade to patched version 7.4.4.39"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in Airveda Air Quality Monitor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-7408",
"datePublished": "2024-08-09T10:40:54.953Z",
"dateReserved": "2024-08-02T10:47:10.549Z",
"dateUpdated": "2024-08-09T15:14:15.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.