CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
892 vulnerabilities reference this CWE, most recent first.
CVE-2024-38305 (GCVE-0-2024-38305)
Vulnerability from cvelistv5 – Published: 2024-08-21 01:54 – Updated: 2024-08-21 13:41- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022789… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | SupportAssist for Home PCs |
Affected:
4.0.3
|
|
| dell | supportassist_for_home_pcs |
Affected:
4.0.3
cpe:2.3:a:dell:supportassist_for_home_pcs:4.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:supportassist_for_home_pcs:4.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "supportassist_for_home_pcs",
"vendor": "dell",
"versions": [
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:24:46.175754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T13:41:13.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SupportAssist Installer"
],
"product": "SupportAssist for Home PCs",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank Shaurya1337 and sahilshah3276 for reporting this issue."
}
],
"datePublic": "2024-08-19T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges."
}
],
"value": "Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T01:54:46.614Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38305",
"datePublished": "2024-08-21T01:54:46.614Z",
"dateReserved": "2024-06-13T14:41:01.527Z",
"dateUpdated": "2024-08-21T13:41:13.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36507 (GCVE-0-2024-36507)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:53 – Updated: 2024-11-12 21:29- CWE-426 - Execute unauthorized code or commands
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientWindows |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) |
|
| fortinet | forticlientwindows |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientwindows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "forticlientwindows",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T21:28:14.927903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:29:44.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:53:46.362Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-205",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-205"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientWindows version 7.4.1 or above \nPlease upgrade to FortiClientWindows version 7.2.5 or above \nPlease upgrade to FortiClientWindows version 7.0.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-36507",
"datePublished": "2024-11-12T18:53:46.362Z",
"dateReserved": "2024-05-29T08:44:50.759Z",
"dateUpdated": "2024-11-12T21:29:44.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35260 (GCVE-0-2024-35260)
Vulnerability from cvelistv5 – Published: 2024-06-27 17:32 – Updated: 2025-12-17 22:23 Exclusively Hosted Service- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Power Platform |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T21:37:42.923204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T21:37:58.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dataverse Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Power Platform",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:power_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "N/A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:23.885Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dataverse Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Microsoft Dataverse Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35260",
"datePublished": "2024-06-27T17:32:27.606Z",
"dateReserved": "2024-05-14T20:14:47.412Z",
"dateUpdated": "2025-12-17T22:23:23.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34123 (GCVE-0-2024-34123)
Vulnerability from cvelistv5 – Published: 2024-07-09 19:06 – Updated: 2024-08-02 02:42- CWE-426 - Untrusted Search Path (CWE-426)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/premier… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Premiere Pro |
Affected:
0 , ≤ 24.4.1
(semver)
|
|
| adobe | premiere_pro |
Affected:
0 , ≤ 24.4.1
(semver)
Affected: 0 , ≤ 23.6.5 (semver) cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "premiere_pro",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T03:55:21.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Premiere Pro",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "HIGH",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:06:50.067Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Premiere Pro arbitrary DLL loading lead to remote code execution"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34123",
"datePublished": "2024-07-09T19:06:50.067Z",
"dateReserved": "2024-04-30T19:50:50.908Z",
"dateUpdated": "2024-08-02T02:42:59.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32019 (GCVE-0-2024-32019)
Vulnerability from cvelistv5 – Published: 2024-04-12 20:33 – Updated: 2024-09-06 17:58- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://github.com/netdata/netdata/security/advis… | x_refsource_CONFIRM |
| https://github.com/netdata/netdata/pull/17377 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93"
},
{
"name": "https://github.com/netdata/netdata/pull/17377",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netdata/netdata/pull/17377"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netdata:netdata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netdata",
"vendor": "netdata",
"versions": [
{
"lessThan": "1.45.0-169",
"status": "affected",
"version": "1.44.0-60",
"versionType": "custom"
},
{
"lessThan": "1.45.3",
"status": "affected",
"version": "1.45.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T20:53:45.698496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:58:36.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netdata",
"vendor": "netdata",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.45.0, \u003c 1.45.3"
},
{
"status": "affected",
"version": "\u003e= 1.44.0-60, \u003c 1.45.0-169"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T20:33:18.080Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93"
},
{
"name": "https://github.com/netdata/netdata/pull/17377",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netdata/netdata/pull/17377"
}
],
"source": {
"advisory": "GHSA-pmhq-4cxq-wj93",
"discovery": "UNKNOWN"
},
"title": "ndsudo: local privilege escalation via untrusted search path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32019",
"datePublished": "2024-04-12T20:33:18.080Z",
"dateReserved": "2024-04-09T15:29:35.936Z",
"dateUpdated": "2024-09-06T17:58:36.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30100 (GCVE-0-2024-30100)
Vulnerability from cvelistv5 – Published: 2024-06-11 17:00 – Updated: 2025-12-17 22:23- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Affected:
16.0.0 , < 16.0.5452.1000
(custom)
|
|
| Microsoft | Microsoft SharePoint Server 2019 |
Affected:
16.0.0 , < 16.0.10411.20004
(custom)
|
|
| Microsoft | Microsoft SharePoint Server Subscription Edition |
Affected:
16.0.0 , < 16.0.17328.20362
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T03:55:53.559021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:31:44.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:02.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5452.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10411.20004",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.17328.20362",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5452.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10411.20004",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.17328.20362",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:39.730Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100"
}
],
"title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-30100",
"datePublished": "2024-06-11T17:00:02.610Z",
"dateReserved": "2024-03-22T23:12:15.573Z",
"dateUpdated": "2025-12-17T22:23:39.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28133 (GCVE-0-2024-28133)
Vulnerability from cvelistv5 – Published: 2024-05-14 08:09 – Updated: 2024-08-02 00:48- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | CHARX SEC-3000 |
Affected:
0 , ≤ 1.5.1
(semver)
|
|
| PHOENIX CONTACT | CHARX SEC-3050 |
Affected:
0 , ≤ 1.5.1
(semver)
|
|
| PHOENIX CONTACT | CHARX SEC-3100 |
Affected:
0 , ≤ 1.5.1
(semver)
|
|
| PHOENIX CONTACT | CHARX SEC-3150 |
Affected:
0 , ≤ 1.5.1
(semver)
|
|
| phoenixcontact | charx_sec_3100 |
Affected:
0 , ≤ 1.5.1
(custom)
cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:* |
|
| phoenixcontact | charx_sec_3150 |
Affected:
0 , ≤ 1.5.1
(custom)
cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:* |
|
| phoenixcontact | charx_sec_3000 |
Affected:
0 , ≤ 1.5.1
(custom)
cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:* |
|
| phoenixcontact | charx_sec_3050 |
Affected:
0 , ≤ 1.5.1
(custom)
cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3100",
"vendor": "phoenixcontact",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3150:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3150",
"vendor": "phoenixcontact",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3000",
"vendor": "phoenixcontact",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenixcontact:charx_sec_3050:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "charx_sec_3050",
"vendor": "phoenixcontact",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T14:19:05.526123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:24:12.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3100",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CHARX SEC-3150",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trend Micro\u0027s Zero Day Initiative"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cp\u003eA local low privileged attacker can use \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ean untrusted search path in a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCHARX system utility\u003c/span\u003e to gain\u003c/span\u003e\u0026nbsp;root\nprivileges.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n\u003cp\u003e\u003c/p\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
}
],
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local low privileged attacker can use an untrusted search path in a\u00a0CHARX system utility to gain\u00a0root\nprivileges.\u00a0\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T11:47:59.462Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
],
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"title": "PHOENIX CONTACT: Privilege escalation in CHARX Series ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-28133",
"datePublished": "2024-05-14T08:09:11.136Z",
"dateReserved": "2024-03-05T08:10:25.696Z",
"dateUpdated": "2024-08-02T00:48:49.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27303 (GCVE-0-2024-27303)
Vulnerability from cvelistv5 – Published: 2024-03-06 18:35 – Updated: 2024-08-13 17:12| URL | Tags |
|---|---|
| https://github.com/electron-userland/electron-bui… | x_refsource_CONFIRM |
| https://github.com/electron-userland/electron-bui… | x_refsource_MISC |
| https://github.com/electron-userland/electron-bui… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| electron-userland | electron-builder |
Affected:
< 24.13.2
|
|
| electron | electron-builder |
Affected:
0 , < 24.13.2
(custom)
cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
},
{
"name": "https://github.com/electron-userland/electron-builder/pull/8059",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron-userland/electron-builder/pull/8059"
},
{
"name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "electron-builder",
"vendor": "electron",
"versions": [
{
"lessThan": "24.13.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T20:09:00.747801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T17:12:24.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron-builder",
"vendor": "electron-userland",
"versions": [
{
"status": "affected",
"version": "\u003c 24.13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there\u0027s no way to check if it exists in a current installer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T18:35:37.973Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
},
{
"name": "https://github.com/electron-userland/electron-builder/pull/8059",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron-userland/electron-builder/pull/8059"
},
{
"name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
}
],
"source": {
"advisory": "GHSA-r4pf-3v7r-hh55",
"discovery": "UNKNOWN"
},
"title": "electron-builder\u0027s NSIS installer - execute arbitrary code on the target machine (Windows only)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27303",
"datePublished": "2024-03-06T18:35:37.973Z",
"dateReserved": "2024-02-22T18:08:38.875Z",
"dateUpdated": "2024-08-13T17:12:24.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26198 (GCVE-0-2024-26198)
Vulnerability from cvelistv5 – Published: 2024-03-12 16:57 – Updated: 2025-05-03 00:46- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 14 |
Affected:
15.02.0 , < 15.02.1258.034
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Affected:
15.02.0 , < 15.02.1544.011
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0 , < 15.01.2507.039
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:36:00.911352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:20:35.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1258.034",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 13",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1544.011",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.039",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1258.034",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1544.011",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.039",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:46:49.245Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26198",
"datePublished": "2024-03-12T16:57:53.504Z",
"dateReserved": "2024-02-14T22:23:54.102Z",
"dateUpdated": "2025-05-03T00:46:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25103 (GCVE-0-2024-25103)
Vulnerability from cvelistv5 – Published: 2024-03-06 11:42 – Updated: 2024-09-23 11:19- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | |
|---|---|---|---|
| CDAC | AppSamvid Software |
Affected:
<=2.0.1
|
|
| cdac | appsamvid_software |
Affected:
0 , ≤ 2.0.1
(custom)
cpe:2.3:a:cdac:appsamvid_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0081"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cdac:appsamvid_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "appsamvid_software",
"vendor": "cdac",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:51:32.411086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T13:31:27.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppSamvid Software",
"vendor": "CDAC",
"versions": [
{
"status": "affected",
"version": "\u003c=2.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Mukund Kedia and Avinash Kumar."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T11:19:05.925Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0081"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to AppSamvid version 2.0.2 or later.\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://cdac.in/index.aspx?id=cs_eps_appsamvid\"\u003ehttps://cdac.in/index.aspx?id=cs_eps_appsamvid\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-25103",
"datePublished": "2024-03-06T11:42:58.575Z",
"dateReserved": "2024-02-05T07:50:59.669Z",
"dateUpdated": "2024-09-23T11:19:05.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.