Common Weakness Enumeration

CWE-358

Allowed

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

197 vulnerabilities reference this CWE, most recent first.

CVE-2024-23592 (GCVE-0-2024-23592)

Vulnerability from cvelistv5 – Published: 2024-04-05 20:46 – Updated: 2024-09-06 20:09
VLAI
Summary
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
Impacted products
Vendor Product Version
Lenovo Synaptics Fingerprint Readers Affected: Various
Create a notification for this product.
lenovo fingerprint_reader Affected: 0 , < * (custom)
    cpe:2.3:h:lenovo:fingerprint_reader:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-155804"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:lenovo:fingerprint_reader:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fingerprint_reader",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T15:29:49.415726Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T20:09:15.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Synaptics Fingerprint Readers",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": " Various"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication."
            }
          ],
          "value": "An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-05T20:46:20.996Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-155804"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Enable Windows Hello Enhanced Sign-in Security (ESS) and upgrade to the driver version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-155804\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-155804\u003c/a\u003e"
            }
          ],
          "value": "Enable Windows Hello Enhanced Sign-in Security (ESS) and upgrade to the driver version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-155804 "
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2024-23592",
    "datePublished": "2024-04-05T20:46:20.996Z",
    "dateReserved": "2024-01-18T15:28:42.477Z",
    "dateUpdated": "2024-09-06T20:09:15.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12056 (GCVE-0-2024-12056)

Vulnerability from cvelistv5 – Published: 2024-12-04 14:30 – Updated: 2024-12-04 15:00
VLAI
Title
Client Secret not checked with OAuth Password grant type
Summary
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
Impacted products
Vendor Product Version
arcinfo PcVue Affected: 12.0 , < 16.2.2 (cpe)
Create a notification for this product.
Date Public
2024-12-01 23:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:47:29.632279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T15:00:50.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "OAuth web service"
          ],
          "product": "PcVue",
          "vendor": "arcinfo",
          "versions": [
            {
              "lessThan": "16.2.2",
              "status": "affected",
              "version": "12.0",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Only the Web server where the Web \u0026amp; Mobile features are deployed are affected."
            }
          ],
          "value": "Only the Web server where the Web \u0026 Mobile features are deployed are affected."
        }
      ],
      "datePublic": "2024-12-01T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Client secret is not checked when using the OAuth Password grant type.\u003cbr\u003e\u003cbr\u003eBy exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.\u003cbr\u003eExploitation requires valid credentials and does not permit the attacker to bypass user privileges.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "The Client secret is not checked when using the OAuth Password grant type.\n\nBy exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.\nExploitation requires valid credentials and does not permit the attacker to bypass user privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No POC available."
            }
          ],
          "value": "No POC available."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Not known to be exploited."
            }
          ],
          "value": "Not known to be exploited."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:N/R:U/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T14:30:35.838Z",
        "orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
        "shortName": "arcinfo"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.pcvue.com/security/security/#SB2024-4"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cu\u003eUninstall the Web Server:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eThe OAuth web service is part of the Web Server for PcVue. If your system does not require the use of the Web \u0026amp; Mobile features, you should make sure not to install them. \u003cbr\u003e\u003cbr\u003e\u003cb\u003e\u003cu\u003eUpdate the Web Deployment Console (WDC) and re deploy the Web Server:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eInstall a patched release of product, including the Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server.\u003cbr\u003e\u003cbr\u003e\u003cu\u003e\u003cb\u003eAvailable patches:\u003c/b\u003e\u003c/u\u003e\u003cbr\u003eFixed in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 16.2.2\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "Uninstall the Web Server:\nThe OAuth web service is part of the Web Server for PcVue. If your system does not require the use of the Web \u0026 Mobile features, you should make sure not to install them. \n\nUpdate the Web Deployment Console (WDC) and re deploy the Web Server:\nInstall a patched release of product, including the Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server.\n\nAvailable patches:\nFixed in:\n  *  PcVue 16.2.2"
        }
      ],
      "source": {
        "advisory": "SB2024-4",
        "discovery": "INTERNAL"
      },
      "title": "Client Secret not checked with OAuth Password grant type",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
    "assignerShortName": "arcinfo",
    "cveId": "CVE-2024-12056",
    "datePublished": "2024-12-04T14:30:35.838Z",
    "dateReserved": "2024-12-02T19:57:19.644Z",
    "dateUpdated": "2024-12-04T15:00:50.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39403 (GCVE-0-2023-39403)

Vulnerability from cvelistv5 – Published: 2023-08-13 12:40 – Updated: 2024-10-09 19:30
VLAI
Summary
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
  • CWE-285 - Improper Authorization
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 3.1.0
Affected: 3.0.0
Affected: 2.1.0
Affected: 2.0.0
Affected: 2.0.1
Create a notification for this product.
Huawei EMUI Affected: 13.0.0
Affected: 12.0.1
Affected: 12.0.0
Affected: 11.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:20.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-39403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T19:06:16.944928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-285",
                "description": "CWE-285 Improper Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T19:30:27.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EMUI",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization."
            }
          ],
          "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358  Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-13T12:40:18.157Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/"
        },
        {
          "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2023-39403",
    "datePublished": "2023-08-13T12:40:18.157Z",
    "dateReserved": "2023-07-31T04:41:37.870Z",
    "dateUpdated": "2024-10-09T19:30:27.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28601 (GCVE-0-2023-28601)

Vulnerability from cvelistv5 – Published: 2023-06-13 17:05 – Updated: 2025-01-02 20:01
VLAI
Summary
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
Impacted products
Date Public
2023-06-13 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T20:00:42.831156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T20:01:16.684Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Zoom for Windows Client",
          "vendor": "Zoom Video Communications, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "before 5.14.0"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability.  A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client."
            }
          ],
          "value": "Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability.  A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358: Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-19T19:22:30.273Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2023-28601",
    "datePublished": "2023-06-13T17:05:58.289Z",
    "dateReserved": "2023-03-17T13:27:32.368Z",
    "dateUpdated": "2025-01-02T20:01:16.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28113 (GCVE-0-2023-28113)

Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2025-02-25 14:55
VLAI
Title
russh may use insecure Diffie-Hellman keys
Summary
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those of a russh peer with some other misbehaving peer are most likely to be problematic. These may vulnerable to eavesdropping. Most other implementations reject such keys, so this is mainly an interoperability issue in such a case. This issue is fixed in versions 0.36.2 and 0.37.1
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
Impacted products
Vendor Product Version
warp-tech russh Affected: 0.34.0 , < 0.34.0* (custom)
Affected: 0.36.2 , < 0.36.2 (custom)
Affected: 0.37.0 , < 0.37.0* (custom)
Affected: 0.37.1 , < 0.37.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/commit/d831a3716d3719dc76f091fcea9d94bd4ef97c6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L72-L76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L78-L81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/releases/tag/v0.36.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/releases/tag/v0.37.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-cqvm-j2r2-hwpg"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:29:28.461323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:55:51.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "russh",
          "vendor": "warp-tech",
          "versions": [
            {
              "lessThan": "0.34.0*",
              "status": "affected",
              "version": "0.34.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.36.2",
              "status": "affected",
              "version": "0.36.2",
              "versionType": "custom"
            },
            {
              "lessThan": "0.37.0*",
              "status": "affected",
              "version": "0.37.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.37.1",
              "status": "affected",
              "version": "0.37.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those of a russh peer with some other misbehaving peer are most likely to be problematic. These may vulnerable to eavesdropping. Most other implementations reject such keys, so this is mainly an interoperability issue in such a case. This issue is fixed in versions 0.36.2 and 0.37.1"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-16T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/warp-tech/russh/commit/d831a3716d3719dc76f091fcea9d94bd4ef97c6e"
        },
        {
          "url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L72-L76"
        },
        {
          "url": "https://github.com/warp-tech/russh/blob/master/russh/src/kex/dh/groups.rs#L78-L81"
        },
        {
          "url": "https://github.com/warp-tech/russh/releases/tag/v0.36.2"
        },
        {
          "url": "https://github.com/warp-tech/russh/releases/tag/v0.37.1"
        },
        {
          "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-cqvm-j2r2-hwpg"
        }
      ],
      "source": {
        "advisory": "GHSA-cqvm-j2r2-hwpg",
        "defect": [
          "GHSA-cqvm-j2r2-hwpg"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "russh may use insecure Diffie-Hellman keys",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-28113",
    "datePublished": "2023-03-16T00:00:00.000Z",
    "dateReserved": "2023-03-10T00:00:00.000Z",
    "dateUpdated": "2025-02-25T14:55:51.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22393 (GCVE-0-2023-22393)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:43
VLAI
Title
Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 21.1R1 (custom)
Affected: 21.1 , < 21.1R3-S4 (custom)
Affected: 21.2 , < 21.2R3-S3 (custom)
Affected: 21.3 , < 21.3R3-S2 (custom)
Affected: 21.4 , < 21.4R2-S2, 21.4R3 (custom)
Affected: 22.1 , < 22.1R1-S2, 22.1R2 (custom)
Affected: 22.2 , < 22.2R1-S1, 22.2R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Evolved Unaffected: unspecified , < 21.3R1-EVO (custom)
Affected: 21.4-EVO , < 21.4R2-S2-EVO, 21.4R3-EVO (custom)
Affected: 22.1-EVO , < 22.1R1-S2-EVO, 22.1R2-EVO (custom)
Affected: 22.2-EVO , < 22.2R1-S1-EVO, 22.2R2-EVO (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70189"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T15:11:14.520480Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T15:43:29.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.1R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S4",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S3",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S2",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R2-S2, 21.4R3",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R1-S2, 22.1R2",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R1-S1, 22.2R2",
              "status": "affected",
              "version": "22.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.3R1-EVO",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R2-S2-EVO, 21.4R3-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R1-S2-EVO, 22.1R2-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R1-S1-EVO, 22.2R2-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS) ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70189"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS : 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved : 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA70189",
        "defect": [
          "1679539"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop ",
      "workarounds": [
        {
          "lang": "en",
          "value": "\nEnsure every BGP session has an import policy configured. \n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22393",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-07T15:43:29.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4501 (GCVE-0-2023-4501)

Vulnerability from cvelistv5 – Published: 2023-09-12 18:05 – Updated: 2024-09-26 14:08
VLAI
Title
Authentication bypass in OpenText (Micro Focus) Enterprise Server
Summary
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-358 - Improperly Implemented Security Check for Standard
  • CWE-253 - Incorrect Check of Function Return Value
Assigner
References
Impacted products
Vendor Product Version
OpenText Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server Affected: 7.0.19 , < 7.0.21 (patch update)
Affected: 8.0.8 , < 8.0.10 (patch update)
Affected: 9.0.1 , < 9.0.2 (patch update)
Create a notification for this product.
opentext visual_cobal_cobal_server_enterprise_developer_enterprise_server Affected: 7.0.19 , < 7.0.21 (custom)
Affected: 8.0.8 , < 8.0.10 (custom)
Affected: 9.0.1 , < 9.0.2 (custom)
    cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.microfocus.com/s/article/KM000021287"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visual_cobal_cobal_server_enterprise_developer_enterprise_server",
            "vendor": "opentext",
            "versions": [
              {
                "lessThan": "7.0.21",
                "status": "affected",
                "version": "7.0.19",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.10",
                "status": "affected",
                "version": "8.0.8",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.2",
                "status": "affected",
                "version": "9.0.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:56:28.372526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:08:41.901Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "AIX Solaris HP-UX"
          ],
          "product": "Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "7.0.21",
              "status": "affected",
              "version": "7.0.19",
              "versionType": "patch update"
            },
            {
              "lessThan": "8.0.10",
              "status": "affected",
              "version": "8.0.8",
              "versionType": "patch update"
            },
            {
              "lessThan": "9.0.2",
              "status": "affected",
              "version": "9.0.1",
              "versionType": "patch update"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for more information.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for more information.\n"
        }
      ],
      "datePublic": "2023-09-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\u003cbr\u003e\u003cbr\u003eMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\u003cbr\u003e\u003cbr\u003eAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\u003cbr\u003e"
            }
          ],
          "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OpenText has not been informed of any exploitation of this vulnerability.\u003cbr\u003e"
            }
          ],
          "value": "OpenText has not been informed of any exploitation of this vulnerability.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253 Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T18:05:56.684Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://portal.microfocus.com/s/article/KM000021287"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\u003cbr\u003e"
            }
          ],
          "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-08T00:00:00.000Z",
          "value": "Reported by customer."
        },
        {
          "lang": "en",
          "time": "2023-08-22T00:00:00.000Z",
          "value": "Fix made available."
        },
        {
          "lang": "en",
          "time": "2023-09-01T00:00:00.000Z",
          "value": "Security bulletin published."
        }
      ],
      "title": "Authentication bypass in OpenText (Micro Focus) Enterprise Server",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for workaround details.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for workaround details.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-4501",
    "datePublished": "2023-09-12T18:05:56.684Z",
    "dateReserved": "2023-08-23T18:01:40.973Z",
    "dateUpdated": "2024-09-26T14:08:41.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3266 (GCVE-0-2023-3266)

Vulnerability from cvelistv5 – Published: 2023-08-14 04:09 – Updated: 2024-10-09 14:38
VLAI
Summary
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
Impacted products
Credits
Philippe Laulheret
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T14:38:40.338124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T14:38:50.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerPanel Enterprise",
          "vendor": "CyberPower",
          "versions": [
            {
              "status": "affected",
              "version": "v2.6.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Philippe Laulheret"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully."
            }
          ],
          "value": "A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358: Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T04:09:45.187Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2023-3266",
    "datePublished": "2023-08-14T04:09:45.187Z",
    "dateReserved": "2023-06-15T06:50:36.714Z",
    "dateUpdated": "2024-10-09T14:38:50.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2585 (GCVE-0-2023-2585)

Vulnerability from cvelistv5 – Published: 2023-12-21 09:24 – Updated: 2024-08-02 06:26
VLAI
Title
Keycloak: client access via device auth request spoof
Summary
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2023:3883 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:3884 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:3885 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:3888 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:3892 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-2585 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2196335 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6.4
Create a notification for this product.
Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.8-1.redhat_00001.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Create a notification for this product.
Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.8-1.redhat_00001.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Create a notification for this product.
Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.8-1.redhat_00001.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Create a notification for this product.
Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-24 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
Create a notification for this product.
Date Public
2023-06-26 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:3883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:3883"
          },
          {
            "name": "RHSA-2023:3884",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:3884"
          },
          {
            "name": "RHSA-2023:3885",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:3885"
          },
          {
            "name": "RHSA-2023:3888",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:3888"
          },
          {
            "name": "RHSA-2023:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:3892"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-2585"
          },
          {
            "name": "RHBZ#2196335",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.8-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.8-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.8-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-24",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Keycloak\u0027s device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T15:32:35.422Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:3883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:3883"
        },
        {
          "name": "RHSA-2023:3884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:3884"
        },
        {
          "name": "RHSA-2023:3885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:3885"
        },
        {
          "name": "RHSA-2023:3888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:3888"
        },
        {
          "name": "RHSA-2023:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:3892"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-2585"
        },
        {
          "name": "RHBZ#2196335",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-24T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-06-26T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: client access via device auth request spoof",
      "x_redhatCweChain": "CWE-358: Improperly Implemented Security Check for Standard"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2585",
    "datePublished": "2023-12-21T09:24:16.632Z",
    "dateReserved": "2023-05-08T19:39:58.370Z",
    "dateUpdated": "2024-08-02T06:26:09.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27220 (GCVE-0-2022-27220)

Vulnerability from cvelistv5 – Published: 2022-06-14 09:21 – Updated: 2024-08-03 05:25
VLAI
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
Severity
No CVSS data available.
CWE
  • CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
Impacted products
Vendor Product Version
Siemens SINEMA Remote Connect Server Affected: All versions < V3.0 SP2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:25:32.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SINEMA Remote Connect Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0 SP2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358: Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-14T09:21:41.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-27220",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINEMA Remote Connect Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-358: Improperly Implemented Security Check for Standard"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-27220",
    "datePublished": "2022-06-14T09:21:41.000Z",
    "dateReserved": "2022-03-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:25:32.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.