CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CVE-2021-41088 (GCVE-0-2021-41088)
Vulnerability from cvelistv5 – Published: 2021-09-23 19:55 – Updated: 2024-08-04 02:59
VLAI
Title
Remote code execution via the web UI backend of Elvish
Summary
Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).
Severity
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/elves/elvish/security/advisori… | x_refsource_CONFIRM |
| https://github.com/elves/elvish/commit/ccc2750037… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elvish",
"vendor": "elves",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish\u0027s web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T19:55:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5"
}
],
"source": {
"advisory": "GHSA-fpv6-f8jw-rc3r",
"discovery": "UNKNOWN"
},
"title": "Remote code execution via the web UI backend of Elvish",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41088",
"STATE": "PUBLIC",
"TITLE": "Remote code execution via the web UI backend of Elvish"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elvish",
"version": {
"version_data": [
{
"version_value": "\u003c 0.14.0"
}
]
}
}
]
},
"vendor_name": "elves"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish\u0027s web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r",
"refsource": "CONFIRM",
"url": "https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r"
},
{
"name": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5",
"refsource": "MISC",
"url": "https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5"
}
]
},
"source": {
"advisory": "GHSA-fpv6-f8jw-rc3r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41088",
"datePublished": "2021-09-23T19:55:10.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41094 (GCVE-0-2021-41094)
Vulnerability from cvelistv5 – Published: 2021-10-04 18:20 – Updated: 2024-08-04 02:59
VLAI
Title
Mandatory encryption at rest can be bypassed (UI) in Wire app
Summary
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70
Severity
4.2 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/wireapp/wire-ios/security/advi… | x_refsource_CONFIRM |
| https://github.com/wireapp/wire-ios/commit/5ba3eb… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wire-ios",
"vendor": "wireapp",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.68, \u003c 3.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T18:20:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746"
}
],
"source": {
"advisory": "GHSA-h4m7-pr8h-j7rf",
"discovery": "UNKNOWN"
},
"title": "Mandatory encryption at rest can be bypassed (UI) in Wire app",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41094",
"STATE": "PUBLIC",
"TITLE": "Mandatory encryption at rest can be bypassed (UI) in Wire app"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wire-ios",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.68, \u003c 3.70"
}
]
}
}
]
},
"vendor_name": "wireapp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf",
"refsource": "CONFIRM",
"url": "https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf"
},
{
"name": "https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746",
"refsource": "MISC",
"url": "https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746"
}
]
},
"source": {
"advisory": "GHSA-h4m7-pr8h-j7rf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41094",
"datePublished": "2021-10-04T18:20:13.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41140 (GCVE-0-2021-41140)
Vulnerability from cvelistv5 – Published: 2021-10-19 18:05 – Updated: 2024-08-04 02:59
VLAI
Title
Reactions leak for secure category topics and private messages
Summary
Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.
Severity
5.3 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse-reactions/… | x_refsource_CONFIRM |
| https://github.com/discourse/discourse-reactions/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| discourse | discourse-reactions |
Affected:
< 0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse-reactions/commit/213d90b82fd15c4186ebc290fee18817d9727d0d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "discourse-reactions",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:05:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse-reactions/commit/213d90b82fd15c4186ebc290fee18817d9727d0d"
}
],
"source": {
"advisory": "GHSA-9358-hwg5-jrmh",
"discovery": "UNKNOWN"
},
"title": "Reactions leak for secure category topics and private messages",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41140",
"STATE": "PUBLIC",
"TITLE": "Reactions leak for secure category topics and private messages"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "discourse-reactions",
"version": {
"version_data": [
{
"version_value": "\u003c 0.2"
}
]
}
}
]
},
"vendor_name": "discourse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh",
"refsource": "CONFIRM",
"url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh"
},
{
"name": "https://github.com/discourse/discourse-reactions/commit/213d90b82fd15c4186ebc290fee18817d9727d0d",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse-reactions/commit/213d90b82fd15c4186ebc290fee18817d9727d0d"
}
]
},
"source": {
"advisory": "GHSA-9358-hwg5-jrmh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41140",
"datePublished": "2021-10-19T18:05:11.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44522 (GCVE-0-2021-44522)
Vulnerability from cvelistv5 – Published: 2021-12-14 12:07 – Updated: 2024-08-04 04:25
VLAI
Summary
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.
Severity
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SiPass integrated V2.76 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.80 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.85 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.5 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.6 |
Affected:
All versions < V1.6.284.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiPass integrated V2.76",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.85",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.6.284.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T12:07:09.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiPass integrated V2.76",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.80",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.85",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.5",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.6",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.6.284.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44522",
"datePublished": "2021-12-14T12:07:09.000Z",
"dateReserved": "2021-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44523 (GCVE-0-2021-44523)
Vulnerability from cvelistv5 – Published: 2021-12-14 12:07 – Updated: 2024-08-04 04:25
VLAI
Summary
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.
Severity
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SiPass integrated V2.76 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.80 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.85 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.5 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.6 |
Affected:
All versions < V1.6.284.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiPass integrated V2.76",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.85",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.6.284.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T12:07:10.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiPass integrated V2.76",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.80",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.85",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.5",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.6",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.6.284.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44523",
"datePublished": "2021-12-14T12:07:10.000Z",
"dateReserved": "2021-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44524 (GCVE-0-2021-44524)
Vulnerability from cvelistv5 – Published: 2021-12-14 12:07 – Updated: 2024-08-04 04:25
VLAI
Summary
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.
Severity
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SiPass integrated V2.76 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.80 |
Affected:
All versions
|
|
| Siemens | SiPass integrated V2.85 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.5 |
Affected:
All versions
|
|
| Siemens | Siveillance Identity V1.6 |
Affected:
All versions < V1.6.284.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiPass integrated V2.76",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SiPass integrated V2.85",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Siveillance Identity V1.6",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.6.284.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T12:07:11.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiPass integrated V2.76",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.80",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SiPass integrated V2.85",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.5",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Siveillance Identity V1.6",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.6.284.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44524",
"datePublished": "2021-12-14T12:07:11.000Z",
"dateReserved": "2021-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0815 (GCVE-0-2022-0815)
Vulnerability from cvelistv5 – Published: 2022-03-10 22:30 – Updated: 2024-08-02 23:40
VLAI
Title
McAfee WebAdvisor - Extension Fingerprinting vulnerability
Summary
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.
Severity
6.5 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://service.mcafee.com/?articleId=TS103273&pa… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee | McAfee WebAdvisor |
Affected:
unspecified , ≤ 8.1.0.1895
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.mcafee.com/?articleId=TS103273\u0026page=shell\u0026shell=article-view"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee WebAdvisor",
"vendor": "McAfee",
"versions": [
{
"lessThanOrEqual": "8.1.0.1895",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T22:30:11.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.mcafee.com/?articleId=TS103273\u0026page=shell\u0026shell=article-view"
}
],
"source": {
"advisory": "TS103273",
"discovery": "EXTERNAL"
},
"title": "McAfee WebAdvisor - Extension Fingerprinting vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2022-0815",
"STATE": "PUBLIC",
"TITLE": "McAfee WebAdvisor - Extension Fingerprinting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee WebAdvisor",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.1.0.1895"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user\u2019s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.mcafee.com/?articleId=TS103273\u0026page=shell\u0026shell=article-view",
"refsource": "MISC",
"url": "https://service.mcafee.com/?articleId=TS103273\u0026page=shell\u0026shell=article-view"
}
]
},
"source": {
"advisory": "TS103273",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2022-0815",
"datePublished": "2022-03-10T22:30:11.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1467 (GCVE-0-2022-1467)
Vulnerability from cvelistv5 – Published: 2022-05-23 19:17 – Updated: 2025-04-16 16:19
VLAI
Title
AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
Summary
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.aveva.com/en/support-and-success/cybe… | x_refsource_MISC |
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AVEVA | AVEVA InTouch Access Anywhere |
Affected:
all
|
|
| AVEVA | AVEVA Plant SCADA Access Anywhere |
Affected:
all
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:57.240530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:11.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AVEVA InTouch Access Anywhere",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "AVEVA Plant SCADA Access Anywhere",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Giovanni Delvecchio from Aceaspa reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Windows OS can be configured to overlay a \u201clanguage bar\u201d on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-23T19:17:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere",
"workarounds": [
{
"lang": "en",
"value": "AVEVA recommends the following mitigations: \n\nDisable the Windows language bar on the server machine hosting InTouch Access Anywhere and Plant SCADA Access Anywhere applications unless it is required.\nCreate unique user accounts with minimal privileges dedicated only to remote access of InTouch Access Anywhere and Plant SCADA Access Anywhere applications.\nUtilize OS group policy objects (GPOs) to further restrict what those unique user accounts are allowed to do.\nRestrict access based on Microsoft\u2019s recommended block list.\nFor more information on this vulnerability, including security updates, please see security bulletin AVEVA-2022-001"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1467",
"STATE": "PUBLIC",
"TITLE": "AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVEVA InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "AVEVA"
},
{
"product": {
"product_data": [
{
"product_name": "AVEVA Plant SCADA Access Anywhere",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "AVEVA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Giovanni Delvecchio from Aceaspa reported this vulnerability to AVEVA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows OS can be configured to overlay a \u201clanguage bar\u201d on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
"refsource": "MISC",
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "AVEVA recommends the following mitigations: \n\nDisable the Windows language bar on the server machine hosting InTouch Access Anywhere and Plant SCADA Access Anywhere applications unless it is required.\nCreate unique user accounts with minimal privileges dedicated only to remote access of InTouch Access Anywhere and Plant SCADA Access Anywhere applications.\nUtilize OS group policy objects (GPOs) to further restrict what those unique user accounts are allowed to do.\nRestrict access based on Microsoft\u2019s recommended block list.\nFor more information on this vulnerability, including security updates, please see security bulletin AVEVA-2022-001"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1467",
"datePublished": "2022-05-23T19:17:02.000Z",
"dateReserved": "2022-04-25T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:11.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20917 (GCVE-0-2022-20917)
Vulnerability from cvelistv5 – Published: 2023-09-15 02:12 – Updated: 2024-09-25 14:13
VLAI
Summary
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.
This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Jabber |
Affected:
10.5(0)
Affected: 10.5(1) Affected: 10.5(2) Affected: 10.5(3) Affected: 10.5(4) Affected: 10.5(5) Affected: 10.5(6) Affected: 10.6(0) Affected: 10.6(1) Affected: 10.6(2) Affected: 10.6(3) Affected: 10.6(4) Affected: 10.6(5) Affected: 10.6(6) Affected: 10.6(7) Affected: 10.6(10) Affected: 10.6(11) Affected: 10.6(12) Affected: 10.6(8) Affected: 10.6(9) Affected: 11.0(0) Affected: 11.0(1) Affected: 11.0(2) Affected: 11.1(0) Affected: 11.1(1) Affected: 11.1(2) Affected: 11.1(3) Affected: 11.1(4) Affected: 11.5(0) Affected: 11.5(1) Affected: 11.5(2) Affected: 11.5(3) Affected: 11.5(4) Affected: 11.5(5) Affected: 11.5(6) Affected: 11.6(0) Affected: 11.6(1) Affected: 11.6(2) Affected: 11.6(3) Affected: 11.6(4) Affected: 11.7(0) Affected: 11.7(1) Affected: 11.7(2) Affected: 11.8(0) Affected: 11.8(1) Affected: 11.8(2) Affected: 11.8(3) Affected: 11.8(4) Affected: 11.8(5) Affected: 11.9(0) Affected: 11.9(1) Affected: 11.9(2) Affected: 11.9(3) Affected: 12.0(0) Affected: 12.0(1) Affected: 12.1(0) Affected: 12.1(1) Affected: 12.1(2) Affected: 12.1(3) Affected: 12.1(4) Affected: 12.1(5) Affected: 12.5(0) Affected: 12.5(1) Affected: 12.5(2) Affected: 12.5(3) Affected: 12.5(4) Affected: 12.6(0) Affected: 12.6(1) Affected: 12.6(2) Affected: 12.6(3) Affected: 12.6(4) Affected: 12.6(5) Affected: 12.7(0) Affected: 12.7(1) Affected: 12.7(2) Affected: 12.7(3) Affected: 12.7(4) Affected: 12.7(5) Affected: 12.8(0) Affected: 12.8(1) Affected: 12.8(2) Affected: 12.8(3) Affected: 12.8(4) Affected: 12.8(5) Affected: 12.8(6) Affected: 12.8(7) Affected: 12.9(0) Affected: 12.9(1) Affected: 12.9(2) Affected: 12.9(3) Affected: 12.9(4) Affected: 12.9(5) Affected: 12.9(6) Affected: 8.6(1) Affected: 8.6(2) Affected: 8.6(3) Affected: 8.6(4) Affected: 8.6(5) Affected: 8.6(6) Affected: 8.6(7) Affected: 9.0(1) Affected: 9.0(2) Affected: 9.0(3) Affected: 9.0(4) Affected: 9.0(5) Affected: 9.1(0) Affected: 9.1(1) Affected: 9.1(2) Affected: 9.1(3) Affected: 9.1(4) Affected: 9.1(5) Affected: 9.2(0) Affected: 9.2(1) Affected: 9.2(2) Affected: 9.2(3) Affected: 9.2(4) Affected: 9.2(5) Affected: 9.2(6) Affected: 9.2(7) Affected: 9.3(1) Affected: 9.3(2) Affected: 9.5(0) Affected: 9.6(0) Affected: 9.6(1) Affected: 9.6(2) Affected: 9.6(3) Affected: 9.6(4) Affected: 9.7(0) Affected: 9.7(1) Affected: 9.7(2) Affected: 9.7(3) Affected: 9.7(4) Affected: 9.7(5) Affected: 9.7(6) Affected: 9.7(7) Affected: Jabber For Windows Affected: 14.0(0) Affected: 14.0(1) Affected: 14.0(2) Affected: 14.0(3) Affected: 14.0(4) Affected: 11.2(0) Affected: 11.2(1) Affected: 14.1(0) Affected: 14.1(1) Affected: 14.1(2) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:57.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-jabber-xmpp-Ne9SCM",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:03:09.028059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:13:11.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Jabber",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(0)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(3)"
},
{
"status": "affected",
"version": "10.5(4)"
},
{
"status": "affected",
"version": "10.5(5)"
},
{
"status": "affected",
"version": "10.5(6)"
},
{
"status": "affected",
"version": "10.6(0)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "10.6(3)"
},
{
"status": "affected",
"version": "10.6(4)"
},
{
"status": "affected",
"version": "10.6(5)"
},
{
"status": "affected",
"version": "10.6(6)"
},
{
"status": "affected",
"version": "10.6(7)"
},
{
"status": "affected",
"version": "10.6(10)"
},
{
"status": "affected",
"version": "10.6(11)"
},
{
"status": "affected",
"version": "10.6(12)"
},
{
"status": "affected",
"version": "10.6(8)"
},
{
"status": "affected",
"version": "10.6(9)"
},
{
"status": "affected",
"version": "11.0(0)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.1(0)"
},
{
"status": "affected",
"version": "11.1(1)"
},
{
"status": "affected",
"version": "11.1(2)"
},
{
"status": "affected",
"version": "11.1(3)"
},
{
"status": "affected",
"version": "11.1(4)"
},
{
"status": "affected",
"version": "11.5(0)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(2)"
},
{
"status": "affected",
"version": "11.5(3)"
},
{
"status": "affected",
"version": "11.5(4)"
},
{
"status": "affected",
"version": "11.5(5)"
},
{
"status": "affected",
"version": "11.5(6)"
},
{
"status": "affected",
"version": "11.6(0)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "11.6(3)"
},
{
"status": "affected",
"version": "11.6(4)"
},
{
"status": "affected",
"version": "11.7(0)"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "11.7(2)"
},
{
"status": "affected",
"version": "11.8(0)"
},
{
"status": "affected",
"version": "11.8(1)"
},
{
"status": "affected",
"version": "11.8(2)"
},
{
"status": "affected",
"version": "11.8(3)"
},
{
"status": "affected",
"version": "11.8(4)"
},
{
"status": "affected",
"version": "11.8(5)"
},
{
"status": "affected",
"version": "11.9(0)"
},
{
"status": "affected",
"version": "11.9(1)"
},
{
"status": "affected",
"version": "11.9(2)"
},
{
"status": "affected",
"version": "11.9(3)"
},
{
"status": "affected",
"version": "12.0(0)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.1(0)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "12.1(2)"
},
{
"status": "affected",
"version": "12.1(3)"
},
{
"status": "affected",
"version": "12.1(4)"
},
{
"status": "affected",
"version": "12.1(5)"
},
{
"status": "affected",
"version": "12.5(0)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.5(3)"
},
{
"status": "affected",
"version": "12.5(4)"
},
{
"status": "affected",
"version": "12.6(0)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(3)"
},
{
"status": "affected",
"version": "12.6(4)"
},
{
"status": "affected",
"version": "12.6(5)"
},
{
"status": "affected",
"version": "12.7(0)"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "12.7(2)"
},
{
"status": "affected",
"version": "12.7(3)"
},
{
"status": "affected",
"version": "12.7(4)"
},
{
"status": "affected",
"version": "12.7(5)"
},
{
"status": "affected",
"version": "12.8(0)"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.8(2)"
},
{
"status": "affected",
"version": "12.8(3)"
},
{
"status": "affected",
"version": "12.8(4)"
},
{
"status": "affected",
"version": "12.8(5)"
},
{
"status": "affected",
"version": "12.8(6)"
},
{
"status": "affected",
"version": "12.8(7)"
},
{
"status": "affected",
"version": "12.9(0)"
},
{
"status": "affected",
"version": "12.9(1)"
},
{
"status": "affected",
"version": "12.9(2)"
},
{
"status": "affected",
"version": "12.9(3)"
},
{
"status": "affected",
"version": "12.9(4)"
},
{
"status": "affected",
"version": "12.9(5)"
},
{
"status": "affected",
"version": "12.9(6)"
},
{
"status": "affected",
"version": "8.6(1)"
},
{
"status": "affected",
"version": "8.6(2)"
},
{
"status": "affected",
"version": "8.6(3)"
},
{
"status": "affected",
"version": "8.6(4)"
},
{
"status": "affected",
"version": "8.6(5)"
},
{
"status": "affected",
"version": "8.6(6)"
},
{
"status": "affected",
"version": "8.6(7)"
},
{
"status": "affected",
"version": "9.0(1)"
},
{
"status": "affected",
"version": "9.0(2)"
},
{
"status": "affected",
"version": "9.0(3)"
},
{
"status": "affected",
"version": "9.0(4)"
},
{
"status": "affected",
"version": "9.0(5)"
},
{
"status": "affected",
"version": "9.1(0)"
},
{
"status": "affected",
"version": "9.1(1)"
},
{
"status": "affected",
"version": "9.1(2)"
},
{
"status": "affected",
"version": "9.1(3)"
},
{
"status": "affected",
"version": "9.1(4)"
},
{
"status": "affected",
"version": "9.1(5)"
},
{
"status": "affected",
"version": "9.2(0)"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.2(2)"
},
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "9.2(4)"
},
{
"status": "affected",
"version": "9.2(5)"
},
{
"status": "affected",
"version": "9.2(6)"
},
{
"status": "affected",
"version": "9.2(7)"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "9.3(2)"
},
{
"status": "affected",
"version": "9.5(0)"
},
{
"status": "affected",
"version": "9.6(0)"
},
{
"status": "affected",
"version": "9.6(1)"
},
{
"status": "affected",
"version": "9.6(2)"
},
{
"status": "affected",
"version": "9.6(3)"
},
{
"status": "affected",
"version": "9.6(4)"
},
{
"status": "affected",
"version": "9.7(0)"
},
{
"status": "affected",
"version": "9.7(1)"
},
{
"status": "affected",
"version": "9.7(2)"
},
{
"status": "affected",
"version": "9.7(3)"
},
{
"status": "affected",
"version": "9.7(4)"
},
{
"status": "affected",
"version": "9.7(5)"
},
{
"status": "affected",
"version": "9.7(6)"
},
{
"status": "affected",
"version": "9.7(7)"
},
{
"status": "affected",
"version": "Jabber For Windows"
},
{
"status": "affected",
"version": "14.0(0)"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(2)"
},
{
"status": "affected",
"version": "14.0(3)"
},
{
"status": "affected",
"version": "14.0(4)"
},
{
"status": "affected",
"version": "11.2(0)"
},
{
"status": "affected",
"version": "11.2(1)"
},
{
"status": "affected",
"version": "14.1(0)"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.1(2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r\n This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:12.844Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-jabber-xmpp-Ne9SCM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM"
}
],
"source": {
"advisory": "cisco-sa-jabber-xmpp-Ne9SCM",
"defects": [
"CSCwc24382"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20917",
"datePublished": "2023-09-15T02:12:51.048Z",
"dateReserved": "2021-11-02T13:28:29.189Z",
"dateUpdated": "2024-09-25T14:13:11.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21718 (GCVE-0-2022-21718)
Vulnerability from cvelistv5 – Published: 2022-03-22 16:25 – Updated: 2025-04-23 18:45
VLAI
Title
Renderers can obtain access to random bluetooth device without permission in Electron
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/electron/electron/security/adv… | x_refsource_CONFIRM |
| https://github.com/electron/electron/pull/32178 | x_refsource_MISC |
| https://github.com/electron/electron/pull/32240 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:35.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:46.712540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:45:03.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 13.6.6"
},
{
"status": "affected",
"version": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"status": "affected",
"version": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-22T16:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
},
"title": "Renderers can obtain access to random bluetooth device without permission in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21718",
"STATE": "PUBLIC",
"TITLE": "Renderers can obtain access to random bluetooth device without permission in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 13.6.6"
},
{
"version_value": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"version_value": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"version_value": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"name": "https://github.com/electron/electron/pull/32178",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32178"
},
{
"name": "https://github.com/electron/electron/pull/32240",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32240"
}
]
},
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21718",
"datePublished": "2022-03-22T16:25:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:45:03.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.