CWE-477
AllowedUse of Obsolete Function
Abstraction: Base · Status: Draft
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
28 vulnerabilities reference this CWE, most recent first.
CVE-2022-1384 (GCVE-0-2022-1384)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:26 – Updated: 2024-12-06 23:09- CWE-477 - Use of Obsolete Function
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
unspecified , ≤ 6.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:52:58.546800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:09:22.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "CWE-477 Use of Obsolete Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:26:28.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to version v6.5 or higher"
}
],
"source": {
"advisory": "MMSA-2022-0095",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41885"
],
"discovery": "INTERNAL"
},
"title": "Authorized users are allowed to install old plugin versions from the Marketplace",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1384",
"STATE": "PUBLIC",
"TITLE": "Authorized users are allowed to install old plugin versions from the Marketplace"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-477 Use of Obsolete Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost to version v6.5 or higher"
}
],
"source": {
"advisory": "MMSA-2022-0095",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41885"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-1384",
"datePublished": "2022-04-19T20:26:28.000Z",
"dateReserved": "2022-04-18T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:09:22.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6978 (GCVE-0-2020-6978)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:09 – Updated: 2024-08-04 09:18- CWE-477 - USE OF OBSOLETE FUNCTION CWE-477
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-056-05 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Honeywell WIN-PAK 4.7.2, Web and prior versions |
Affected:
Honeywell WIN-PAK 4.7.2, Web and prior versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honeywell WIN-PAK 4.7.2, Web and prior versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Honeywell WIN-PAK 4.7.2, Web and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "USE OF OBSOLETE FUNCTION CWE-477",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-24T20:09:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-6978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honeywell WIN-PAK 4.7.2, Web and prior versions",
"version": {
"version_data": [
{
"version_value": "Honeywell WIN-PAK 4.7.2, Web and prior versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF OBSOLETE FUNCTION CWE-477"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-6978",
"datePublished": "2020-03-24T20:09:17.000Z",
"dateReserved": "2020-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18251 (GCVE-0-2019-18251)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:29 – Updated: 2024-08-05 01:47- CWE-477 - USE OF OBSOLETE FUNCTION CWE-477
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-318-04 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Omron CX-Supervisor |
Affected:
Versions 3.5 (12) and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Omron CX-Supervisor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 3.5 (12) and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "USE OF OBSOLETE FUNCTION CWE-477",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-10T01:06:07.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Omron CX-Supervisor",
"version": {
"version_data": [
{
"version_value": "Versions 3.5 (12) and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF OBSOLETE FUNCTION CWE-477"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18251",
"datePublished": "2019-11-25T23:29:02.000Z",
"dateReserved": "2019-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10988 (GCVE-0-2019-10988)
Vulnerability from cvelistv5 – Published: 2019-09-04 13:36 – Updated: 2024-08-04 22:40- CWE-477 - USE OF OBSOLETE FUNCTION CWE-477
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-19-241-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Philips HDI 4000 Ultrasound Systems |
Affected:
All versions running on old, unsupported operating systems such as Windows 2000.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Philips HDI 4000 Ultrasound Systems",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions running on old, unsupported operating systems such as Windows 2000."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "USE OF OBSOLETE FUNCTION CWE-477",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T13:36:31.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips HDI 4000 Ultrasound Systems",
"version": {
"version_data": [
{
"version_value": "All versions running on old, unsupported operating systems such as Windows 2000."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF OBSOLETE FUNCTION CWE-477"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10988",
"datePublished": "2019-09-04T13:36:31.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10968 (GCVE-0-2019-10968)
Vulnerability from cvelistv5 – Published: 2019-07-24 14:46 – Updated: 2024-08-04 22:40- CWE-477 - USE OF OBSOLETE FUNCTION CWE-477
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-19-192-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Philips | Philips Holter 2010 Plus |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Philips Holter 2010 Plus",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "USE OF OBSOLETE FUNCTION CWE-477",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-24T14:46:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Holter 2010 Plus",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF OBSOLETE FUNCTION CWE-477"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10968",
"datePublished": "2019-07-24T14:46:14.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17890 (GCVE-0-2018-17890)
Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 03:32- CWE-477 - USE OF OBSOLETE FUNCTION CWE-477
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105717 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NUUO CMS",
"vendor": "NUUO",
"versions": [
{
"status": "affected",
"version": "All versions 3.1 and prior"
}
]
}
],
"datePublic": "2018-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-477",
"description": "USE OF OBSOLETE FUNCTION CWE-477",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-11T00:00:00",
"ID": "CVE-2018-17890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NUUO CMS",
"version": {
"version_data": [
{
"version_value": "All versions 3.1 and prior"
}
]
}
}
]
},
"vendor_name": "NUUO"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF OBSOLETE FUNCTION CWE-477"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105717"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17890",
"datePublished": "2018-10-12T14:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:32:27.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-233R-XCPJ-WQR5
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:21Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
{
"affected": [],
"aliases": [
"CVE-2019-10968"
],
"database_specific": {
"cwe_ids": [
"CWE-477"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.",
"id": "GHSA-233r-xcpj-wqr5",
"modified": "2024-04-04T01:21:49Z",
"published": "2022-05-24T16:51:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10968"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-43V6-MQ3R-QMHX
Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
{
"affected": [],
"aliases": [
"CVE-2025-49216"
],
"database_specific": {
"cwe_ids": [
"CWE-477"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T21:15:39Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.",
"id": "GHSA-43v6-mq3r-qmhx",
"modified": "2025-06-17T21:32:31Z",
"published": "2025-06-17T21:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49216"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-373"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W3F-M935-FXVQ
Vulnerability from github – Published: 2026-02-26 09:30 – Updated: 2026-03-12 15:30The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
{
"affected": [],
"aliases": [
"CVE-2026-1693"
],
"database_specific": {
"cwe_ids": [
"CWE-477"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T08:16:18Z",
"severity": "MODERATE"
},
"details": "The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.",
"id": "GHSA-5w3f-m935-fxvq",
"modified": "2026-03-12T15:30:22Z",
"published": "2026-02-26T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1693"
},
{
"type": "WEB",
"url": "https://www.pcvue.com/security/#SB2026-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear",
"type": "CVSS_V4"
}
]
}
GHSA-CGXQ-VV5M-P85Q
Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:45A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
{
"affected": [],
"aliases": [
"CVE-2023-28829"
],
"database_specific": {
"cwe_ids": [
"CWE-477"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T09:15:16Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions \u003c V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms \u0026 Events)) were used per default. These\nservices were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.",
"id": "GHSA-cgxq-vv5m-p85q",
"modified": "2024-04-04T04:45:44Z",
"published": "2023-06-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28829"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Mitigation
Consider seriously the security implications of using an obsolete function. Consider using alternate functions.
No CAPEC attack patterns related to this CWE.