Common Weakness Enumeration

CWE-749

Allowed

Exposed Dangerous Method or Function

Abstraction: Base · Status: Incomplete

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

304 vulnerabilities reference this CWE, most recent first.

CVE-2023-27363 (GCVE-0-2023-27363)

Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 12:09
VLAI
Title
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability
Summary
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
zdi
References
Impacted products
Vendor Product Version
Foxit PDF Reader Affected: 12.1.0.15250
Create a notification for this product.
foxit phantompdf Affected: 0 , < 10.1.11.37866 (custom)
    cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*
Create a notification for this product.
foxit pdf_editor Affected: 11.0.0 , ≤ 11.2.5.53785 (custom)
    cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*
Create a notification for this product.
foxit pdf_editor Affected: 0 , ≤ 10.1.11.37866 (custom)
    cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Create a notification for this product.
foxit phantompdf Affected: 0 , ≤ 10.1.11.37866 (custom)
    cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-05-01 21:29
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "phantompdf",
            "vendor": "foxit",
            "versions": [
              {
                "lessThan": "10.1.11.37866",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pdf_editor",
            "vendor": "foxit",
            "versions": [
              {
                "lessThanOrEqual": "11.2.5.53785",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pdf_editor",
            "vendor": "foxit",
            "versions": [
              {
                "lessThanOrEqual": "10.1.11.37866",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "phantompdf",
            "vendor": "foxit",
            "versions": [
              {
                "lessThanOrEqual": "10.1.11.37866",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27363",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T20:58:42.481767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T21:41:13.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-491",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-491/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.foxit.com/support/security-bulletins.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF Reader",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.0.15250"
            }
          ]
        }
      ],
      "dateAssigned": "2023-02-28T18:05:54.109Z",
      "datePublic": "2023-05-01T21:29:14.501Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T01:56:14.432Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-491",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-491/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.foxit.com/support/security-bulletins.html"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Andrea Micalizzi aka rgod"
      },
      "title": "Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-27363",
    "datePublished": "2024-05-03T01:56:14.432Z",
    "dateReserved": "2023-02-28T17:58:45.484Z",
    "dateUpdated": "2024-08-02T12:09:43.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26478 (GCVE-0-2023-26478)

Vulnerability from cvelistv5 – Published: 2023-03-02 17:46 – Updated: 2025-03-05 20:49
VLAI
Title
org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function
Summary
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right. `com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
Impacted products
Vendor Product Version
xwiki xwiki-platform Affected: >= 14.3-rc-1, < 14.4.6
Affected: >= 14.5, < 14.9-rc-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:53:53.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p"
          },
          {
            "name": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d"
          },
          {
            "name": "https://jira.xwiki.org/browse/XWIKI-20180",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-20180"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T20:48:58.284479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T20:49:02.330Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 14.3-rc-1, \u003c 14.4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 14.5, \u003c 14.9-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right.\n`com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user\u0027s rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-02T17:46:15.394Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-20180",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-20180"
        }
      ],
      "source": {
        "advisory": "GHSA-8692-g6g9-gm5p",
        "discovery": "UNKNOWN"
      },
      "title": "org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-26478",
    "datePublished": "2023-03-02T17:46:15.394Z",
    "dateReserved": "2023-02-23T23:22:58.573Z",
    "dateUpdated": "2025-03-05T20:49:02.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5389 (GCVE-0-2023-5389)

Vulnerability from cvelistv5 – Published: 2024-01-30 20:00 – Updated: 2025-06-17 21:29
VLAI
Summary
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. 
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 510.1 , ≤ 510.2 HF13 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
Create a notification for this product.
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Create a notification for this product.
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://process.honeywell.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.honeywell.com/us/en/product-security"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-31T15:30:52.882701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:29:17.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Experion PKS"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "510.2 HF13",
              "status": "affected",
              "version": "510.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "511.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Experion LX"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "511.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PlantCruise by Experion"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "520.2 TCU4 HFR2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u0026nbsp;"
            }
          ],
          "value": "\nAn attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-25T16:54:14.096Z",
        "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "shortName": "Honeywell"
      },
      "references": [
        {
          "url": "https://process.honeywell.com"
        },
        {
          "url": "https://www.honeywell.com/us/en/product-security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
    "assignerShortName": "Honeywell",
    "cveId": "CVE-2023-5389",
    "datePublished": "2024-01-30T20:00:50.382Z",
    "dateReserved": "2023-10-04T17:49:59.920Z",
    "dateUpdated": "2025-06-17T21:29:17.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3656 (GCVE-0-2023-3656)

Vulnerability from cvelistv5 – Published: 2023-10-03 07:39 – Updated: 2024-08-02 07:01
VLAI
Title
Unauthenticated Remote Code Execution
Summary
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Date Public
2023-10-03 07:36
Credits
Michael Roland Tobias Höller Daniel Hofer Daniel Pekarek Michael Preisach
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cashit.at/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://doi.org/10.35011/ww2q-d522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cashIT! - serving solutions.",
          "vendor": "PoS/ Dienstleistung, Entwicklung \u0026 Vertrieb GmbH",
          "versions": [
            {
              "lessThanOrEqual": "03.A06rks",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Roland"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tobias H\u00f6ller"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Hofer"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Pekarek"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Preisach"
        }
      ],
      "datePublic": "2023-10-03T07:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung \u0026amp; Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network."
            }
          ],
          "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung \u0026 Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-02T09:03:48.291Z",
        "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "shortName": "CyberDanube"
      },
      "references": [
        {
          "url": "https://www.cashit.at/"
        },
        {
          "url": "https://doi.org/10.35011/ww2q-d522"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Unauthenticated Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
    "assignerShortName": "CyberDanube",
    "cveId": "CVE-2023-3656",
    "datePublished": "2023-10-03T07:39:53.661Z",
    "dateReserved": "2023-07-13T07:01:30.677Z",
    "dateUpdated": "2024-08-02T07:01:57.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3655 (GCVE-0-2023-3655)

Vulnerability from cvelistv5 – Published: 2023-10-03 07:53 – Updated: 2025-06-17 15:04
VLAI
Title
Unauthenticated Remote Database Exfiltration
Summary
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
Impacted products
Date Public
2023-10-03 07:52
Credits
Michael Roland Tobias Höller Daniel Hofer Daniel Pekarek Michael Preisach
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cashit.at/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://doi.org/10.35011/ww2q-d522"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3655",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T15:04:03.031000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T15:04:17.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cashIT! - serving solutions.",
          "vendor": "PoS/ Dienstleistung, Entwicklung \u0026 Vertrieb GmbH",
          "versions": [
            {
              "lessThanOrEqual": "03.A06rks 2023.02.37",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Roland"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tobias H\u00f6ller"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Hofer"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Pekarek"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Preisach"
        }
      ],
      "datePublic": "2023-10-03T07:52:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003ecashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung \u0026amp; Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability can be triggered by an HTTP endpoint exposed to the network.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung \u0026 Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-131",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-131 Resource Leak Exposure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-02T09:03:27.727Z",
        "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "shortName": "CyberDanube"
      },
      "references": [
        {
          "url": "https://www.cashit.at/"
        },
        {
          "url": "https://doi.org/10.35011/ww2q-d522"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Unauthenticated Remote Database Exfiltration",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
    "assignerShortName": "CyberDanube",
    "cveId": "CVE-2023-3655",
    "datePublished": "2023-10-03T07:53:13.467Z",
    "dateReserved": "2023-07-13T07:01:29.861Z",
    "dateUpdated": "2025-06-17T15:04:17.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3612 (GCVE-0-2023-3612)

Vulnerability from cvelistv5 – Published: 2023-09-11 09:04 – Updated: 2024-09-26 14:32
VLAI
Title
Unprotected WebView access in Govee Home App
Summary
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
Impacted products
Vendor Product Version
Govee Govee Home Affected: 5.7.03 , < 5.8.01 (custom)
Create a notification for this product.
Date Public
2023-09-11 10:30
Credits
Jan Adamski (johnny1337.pl; jan.adamski@nask.pl)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3612",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T14:32:16.829725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:32:25.277Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "iOS"
          ],
          "product": "Govee Home",
          "vendor": "Govee",
          "versions": [
            {
              "lessThan": "5.8.01",
              "status": "affected",
              "version": "5.7.03",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jan Adamski (johnny1337.pl; jan.adamski@nask.pl)"
        }
      ],
      "datePublic": "2023-09-11T10:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Govee Home app has unprotected access to WebView component which can be opened by any app on\u0026nbsp;the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or\u0026nbsp;steal sensitive user data by displaying phishing content. "
            }
          ],
          "value": "Govee Home app has unprotected access to WebView component which can be opened by any app on\u00a0the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or\u00a0steal sensitive user data by displaying phishing content. "
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-98",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-98 Phishing"
            }
          ]
        },
        {
          "capecId": "CAPEC-19",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-19 Embedding Scripts within Scripts"
            }
          ]
        },
        {
          "capecId": "CAPEC-22",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-22 Exploiting Trust in Client"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T06:17:09.814Z",
        "orgId": "bc375322-d3d7-4481-b261-e29662236cfd",
        "shortName": "SK-CERT"
      },
      "references": [
        {
          "url": "https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20230811-10"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to version 5.8.01 (released on 17.08.2023) or latest"
            }
          ],
          "value": "Update to version 5.8.01 (released on 17.08.2023) or latest"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-10T11:00:00.000Z",
          "value": "Received information about vulnerability from a security researcher - Jan Adamski (johnny1337.pl; jan.adamski@nask.pl)"
        },
        {
          "lang": "en",
          "time": "2023-07-11T11:39:00.000Z",
          "value": "Initial notification of the vendor"
        },
        {
          "lang": "en",
          "time": "2023-08-03T13:25:00.000Z",
          "value": "Vendor confirmed the receipt of vulnerability report"
        },
        {
          "lang": "en",
          "time": "2023-08-10T13:25:00.000Z",
          "value": "Vendor informed about security update being released on 17.08.2023"
        },
        {
          "lang": "en",
          "time": "2023-08-17T00:00:00.000Z",
          "value": "Updated version of the application released"
        }
      ],
      "title": "Unprotected WebView access in Govee Home App",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bc375322-d3d7-4481-b261-e29662236cfd",
    "assignerShortName": "SK-CERT",
    "cveId": "CVE-2023-3612",
    "datePublished": "2023-09-11T09:04:09.924Z",
    "dateReserved": "2023-07-11T06:15:11.185Z",
    "dateUpdated": "2024-09-26T14:32:25.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-46156 (GCVE-0-2022-46156)

Vulnerability from cvelistv5 – Published: 2022-11-30 00:00 – Updated: 2025-04-23 16:33
VLAI
Title
Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
Summary
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it's recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it's recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-489 - Active Debug Code
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/security/advisories/GHSA-9j4f-f249-q5w8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/373"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/374"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:48:33.582343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:33:36.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "synthetic-monitoring-agent",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Synthetic Monitoring Agent for Grafana\u0027s Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. Version 0.12.0 contains a fix. Users are advised to rotate the agent tokens. After upgrading to version v0.12.0 or later, it\u0027s recommended that users of distribution packages review the configuration stored in `/etc/synthetic-monitoring/synthetic-monitoring-agent.conf`, specifically the `API_TOKEN` variable which has been renamed to `SM_AGENT_API_TOKEN`. As a workaround for previous versions, it\u0027s recommended that users review the agent settings and set the HTTP listening address in a manner that limits the exposure, for example, localhost or a non-routed network, by using the command line parameter `-listen-address`, e.g. `-listen-address localhost:4050`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Active Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/security/advisories/GHSA-9j4f-f249-q5w8"
        },
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/373"
        },
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/374"
        },
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/pull/375"
        },
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228"
        },
        {
          "url": "https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-9j4f-f249-q5w8",
        "discovery": "UNKNOWN"
      },
      "title": "Grafana\u0027s default installation of `synthetic-monitoring-agent` exposes sensitive information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-46156",
    "datePublished": "2022-11-30T00:00:00.000Z",
    "dateReserved": "2022-11-28T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:33:36.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-37365 (GCVE-0-2022-37365)

Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 19:14
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
zdi
Impacted products
Credits
kimiya
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:20.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1093/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-37365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T19:14:40.388210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T19:14:45.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PDF-XChange Editor",
          "vendor": "PDF-XChange",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.361.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "kimiya"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T00:00:00.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "url": "https://www.tracker-software.com/product/pdf-xchange-editor/history"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1093/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2022-37365",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-08-02T00:00:00.000Z",
    "dateUpdated": "2025-02-18T19:14:45.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-4136 (GCVE-0-2022-4136)

Vulnerability from cvelistv5 – Published: 2022-11-24 00:00 – Updated: 2025-04-14 17:48
VLAI
Title
Exposed Dangerous Method or Function in qmpaas/leadshop
Summary
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
Impacted products
Vendor Product Version
qmpaas qmpaas/leadshop Affected: unspecified , < 1.4.16 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:54.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4136",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:28:29.935281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T17:48:17.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "qmpaas/leadshop",
          "vendor": "qmpaas",
          "versions": [
            {
              "lessThan": "1.4.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-24T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3"
        },
        {
          "url": "https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67"
        }
      ],
      "source": {
        "advisory": "fe418ae1-7c80-4d91-8a5a-923d60ba78c3",
        "discovery": "EXTERNAL"
      },
      "title": "Exposed Dangerous Method or Function in qmpaas/leadshop"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-4136",
    "datePublished": "2022-11-24T00:00:00.000Z",
    "dateReserved": "2022-11-24T00:00:00.000Z",
    "dateUpdated": "2025-04-14T17:48:17.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-42128 (GCVE-0-2021-42128)

Vulnerability from cvelistv5 – Published: 2021-12-07 13:13 – Updated: 2024-08-04 03:30
VLAI
Summary
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
Severity
No CVSS data available.
CWE
  • CWE-749 - Exposed Dangerous Method or Function (CWE-749)
Assigner
References
Impacted products
Vendor Product Version
n/a Ivanti Avalanche Affected: 6.3.3
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:36.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ivanti Avalanche",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "6.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "Exposed Dangerous Method or Function (CWE-749)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-07T13:13:10.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2021-42128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ivanti Avalanche",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Exposed Dangerous Method or Function (CWE-749)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3",
              "refsource": "MISC",
              "url": "https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-42128",
    "datePublished": "2021-12-07T13:13:10.000Z",
    "dateReserved": "2021-10-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:30:36.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  • Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
  • accessible to all users
  • restricted to a small set of privileged users
  • prevented from being directly accessible at all
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.