Vulnerabilites related to redhat - mobile_application_platform
CVE-2020-1723 (GCVE-0-2020-1723)
Vulnerability from cvelistv5
Published
2021-01-28 19:07
Modified
2024-08-04 06:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1770276 | x_refsource_MISC | |
| https://issues.redhat.com/browse/KEYCLOAK-11318 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Louketo | Keycloak Gatekeeper |
Version: 6.0.1 Version: 7.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/KEYCLOAK-11318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Keycloak Gatekeeper",
"vendor": "Louketo",
"versions": [
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T12:38:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.redhat.com/browse/KEYCLOAK-11318"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1723",
"datePublished": "2021-01-28T19:07:41",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7552 (GCVE-0-2017-7552)
Vulnerability from cvelistv5
Published
2017-09-28 20:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2674 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:2675 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1477797 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-30T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7552",
"datePublished": "2017-09-28T20:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7553 (GCVE-0-2017-7553)
Vulnerability from cvelistv5
Published
2017-09-28 20:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2674 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:2675 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1478792 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-30T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7553",
"datePublished": "2017-09-28T20:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:12.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7554 (GCVE-0-2017-7554)
Vulnerability from cvelistv5
Published
2017-09-28 20:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2674 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:2675 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1478770 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:12.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-30T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"name": "RHSA-2017:2675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7554",
"datePublished": "2017-09-28T20:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:12.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-01-28 20:15
Modified
2024-11-21 05:11
Severity ?
Summary
A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1770276 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://issues.redhat.com/browse/KEYCLOAK-11318 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1770276 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.redhat.com/browse/KEYCLOAK-11318 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| keycloak_gatekeeper_project | keycloak_gatekeeper | 6.0.1 | |
| keycloak_gatekeeper_project | keycloak_gatekeeper | 7.0.0 | |
| redhat | mobile_application_platform | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:keycloak_gatekeeper_project:keycloak_gatekeeper:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02ABAD14-153B-415A-AD27-513105E54021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:keycloak_gatekeeper_project:keycloak_gatekeeper:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22A4D0D9-F0F2-40CF-A3E8-6C9623506E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:mobile_application_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87BB5B9C-F5A4-4128-9CDF-FA14782DBE3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0"
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en Keycloak Gatekeeper (Louketo). El punto final de cierre de sesi\u00f3n puede ser abusado para redireccionar a los usuarios conectados a p\u00e1ginas web arbitrarias. Versiones afectadas de Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0"
}
],
"id": "CVE-2020-1723",
"lastModified": "2024-11-21T05:11:14.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T20:15:12.743",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.redhat.com/browse/KEYCLOAK-11318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.redhat.com/browse/KEYCLOAK-11318"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-29 01:34
Modified
2025-04-20 01:37
Severity ?
Summary
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | mobile_application_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E67D227E-8AAE-4C87-8318-B6E465CA44CF",
"versionEndIncluding": "4.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints."
},
{
"lang": "es",
"value": "La llamada api external_request en App Studio (millicore) permite que se realicen ataques de tipo Server Side Request Forgery (SSRF). Un atacante podr\u00eda aprovechar este fallo para sondear los recursos internos de la red y acceder a puntos de conexi\u00f3n restringidos."
}
],
"id": "CVE-2017-7553",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:50.407",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478792"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-29 01:34
Modified
2025-04-20 01:37
Severity ?
Summary
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | mobile_application_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E67D227E-8AAE-4C87-8318-B6E465CA44CF",
"versionEndIncluding": "4.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en el editor de archivos de milicore que afecta a las versiones anteriores a la 3.19.0 y a las versiones 4.x anteriores a la 4.5.0, lo que permite que los archivos se ejecuten y se creen. Un atacante podr\u00eda aprovechar esta vulnerabilidad para comprometer otros proyectos de usuarios o equipos almacenados en el sistema de control de c\u00f3digo fuente (SCM) de la instalaci\u00f3n RHMAP Core."
}
],
"id": "CVE-2017-7552",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:50.373",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-29 01:34
Modified
2025-04-20 01:37
Severity ?
Summary
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | mobile_application_platform | 4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B231672A-BFBC-47C5-A923-D3802EB86AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio."
},
{
"lang": "es",
"value": "Se ha descubierto que el componente App Studio de RHMAP 4.4 ejecuta c\u00f3digo JavaScript proporcionado por el usuario. Un atacante podr\u00eda aprovechar este fallo para ejecutar un ataque de Cross-Site Scripting (XSS) persistente en un administrador de aplicaciones que emplee App Studio."
}
],
"id": "CVE-2017-7554",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:50.437",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478770"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}