    13 vulnerabilities by TheGreenBow

    CVE-2025-11955 (GCVE-0-2025-11955)

    Vulnerability from cvelistv5 – Published: 2025-10-27 11:30 – Updated: 2025-10-27 13:19
    Title
    Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise
    Summary
    Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-299 - Improper Check for Certificate Revocation
    Assigner
    Impacted products
    Date Public
    2025-10-27 11:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T13:19:04.165058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T13:19:15.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TheGreenBow VPN Client Windows Enterprise",
              "vendor": "TheGreenBow",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5"
                },
                {
                  "status": "affected",
                  "version": "7.6"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:thegreenbow:thegreenbow_vpn_client_windows_enterprise:7.5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:thegreenbow:thegreenbow_vpn_client_windows_enterprise:7.6:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "datePublic": "2025-10-27T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid."
                }
              ],
              "value": "Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-299",
                  "description": "CWE-299: Improper Check for Certificate Revocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T11:30:24.102Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificates-thegreenbow-vpn-client-windows"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.thegreenbow.com/en/support/security-alerts/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The feature that was vulnerable has been removed in the next minor version (version 7.7). It will be properly reintroduced in the next major version. To verify certificate revocation, it is recommended to use the CRL verification function of VPN clients."
                }
              ],
              "value": "The feature that was vulnerable has been removed in the next minor version (version 7.7). It will be properly reintroduced in the next major version. To verify certificate revocation, it is recommended to use the CRL verification function of VPN clients."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2025-11955",
        "datePublished": "2025-10-27T11:30:24.102Z",
        "dateReserved": "2025-10-20T11:57:59.432Z",
        "dateUpdated": "2025-10-27T13:19:15.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47267 (GCVE-0-2023-47267)

    Vulnerability from cvelistv5 – Published: 2023-12-19 00:00 – Updated: 2024-08-02 21:09
    Summary
    An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:36.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-19T21:19:28.150Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-47267",
        "datePublished": "2023-12-19T00:00:00.000Z",
        "dateReserved": "2023-11-05T00:00:00.000Z",
        "dateUpdated": "2024-08-02T21:09:36.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0392 (GCVE-0-2010-0392)

    Vulnerability from cvelistv5 – Published: 2010-01-26 18:00 – Updated: 2024-08-07 00:45
    Summary
    Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-01-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
              },
              {
                "name": "ipsecvpnclient-tgb-bo(55793)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
              },
              {
                "name": "38262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38262"
              },
              {
                "name": "40387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.thegreenbow.com/download.php?id=1000150"
              },
              {
                "name": "61866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/61866"
              },
              {
                "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
            },
            {
              "name": "ipsecvpnclient-tgb-bo(55793)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
            },
            {
              "name": "38262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38262"
            },
            {
              "name": "40387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.thegreenbow.com/download.php?id=1000150"
            },
            {
              "name": "61866",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/61866"
            },
            {
              "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-10-001",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
                },
                {
                  "name": "ipsecvpnclient-tgb-bo(55793)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
                },
                {
                  "name": "38262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38262"
                },
                {
                  "name": "40387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40387"
                },
                {
                  "name": "http://www.thegreenbow.com/download.php?id=1000150",
                  "refsource": "CONFIRM",
                  "url": "http://www.thegreenbow.com/download.php?id=1000150"
                },
                {
                  "name": "61866",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/61866"
                },
                {
                  "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0392",
        "datePublished": "2010-01-26T18:00:00.000Z",
        "dateReserved": "2010-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2918 (GCVE-0-2009-2918)

    Vulnerability from cvelistv5 – Published: 2009-08-21 10:00 – Updated: 2024-08-07 06:07
    Summary
    The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    https://www.evilfingers.com/advisory/Advisory/The… | x_refsource_MISC
    http://secunia.com/advisories/36332 | third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/505816/100… | mailing-list, x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/2294 | vdb-entry, x_refsource_VUPEN
    Date Public
    2009-08-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:07:37.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
              },
              {
                "name": "36332",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36332"
              },
              {
                "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
              },
              {
                "name": "ADV-2009-2294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2294"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
            },
            {
              "name": "36332",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36332"
            },
            {
              "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
            },
            {
              "name": "ADV-2009-2294",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2294"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php",
                  "refsource": "MISC",
                  "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
                },
                {
                  "name": "36332",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36332"
                },
                {
                  "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
                },
                {
                  "name": "ADV-2009-2294",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2294"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2918",
        "datePublished": "2009-08-21T10:00:00.000Z",
        "dateReserved": "2009-08-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:07:37.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11955 (GCVE-0-2025-11955)

    Vulnerability from nvd – Published: 2025-10-27 11:30 – Updated: 2025-10-27 13:19
    Title
    Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise
    Summary
    Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-299 - Improper Check for Certificate Revocation
    Assigner
    Impacted products
    Date Public
    2025-10-27 11:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T13:19:04.165058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T13:19:15.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TheGreenBow VPN Client Windows Enterprise",
              "vendor": "TheGreenBow",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5"
                },
                {
                  "status": "affected",
                  "version": "7.6"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:thegreenbow:thegreenbow_vpn_client_windows_enterprise:7.5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:thegreenbow:thegreenbow_vpn_client_windows_enterprise:7.6:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "datePublic": "2025-10-27T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid."
                }
              ],
              "value": "Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-299",
                  "description": "CWE-299: Improper Check for Certificate Revocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T11:30:24.102Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificates-thegreenbow-vpn-client-windows"
            },
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.thegreenbow.com/en/support/security-alerts/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The feature that was vulnerable has been removed in the next minor version (version 7.7). It will be properly reintroduced in the next major version. To verify certificate revocation, it is recommended to use the CRL verification function of VPN clients."
                }
              ],
              "value": "The feature that was vulnerable has been removed in the next minor version (version 7.7). It will be properly reintroduced in the next major version. To verify certificate revocation, it is recommended to use the CRL verification function of VPN clients."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2025-11955",
        "datePublished": "2025-10-27T11:30:24.102Z",
        "dateReserved": "2025-10-20T11:57:59.432Z",
        "dateUpdated": "2025-10-27T13:19:15.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47267 (GCVE-0-2023-47267)

    Vulnerability from nvd – Published: 2023-12-19 00:00 – Updated: 2024-08-02 21:09
    Summary
    An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file.
    Severity
    No CVSS data available.
    CWE
    • n/a

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:36.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-19T21:19:28.150Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-47267",
        "datePublished": "2023-12-19T00:00:00.000Z",
        "dateReserved": "2023-11-05T00:00:00.000Z",
        "dateUpdated": "2024-08-02T21:09:36.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0392 (GCVE-0-2010-0392)

    Vulnerability from nvd – Published: 2010-01-26 18:00 – Updated: 2024-08-07 00:45
    Summary
    Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to "phase 2."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Date Public
    2010-01-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
              },
              {
                "name": "ipsecvpnclient-tgb-bo(55793)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
              },
              {
                "name": "38262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38262"
              },
              {
                "name": "40387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.thegreenbow.com/download.php?id=1000150"
              },
              {
                "name": "61866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/61866"
              },
              {
                "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
            },
            {
              "name": "ipsecvpnclient-tgb-bo(55793)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
            },
            {
              "name": "38262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38262"
            },
            {
              "name": "40387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.thegreenbow.com/download.php?id=1000150"
            },
            {
              "name": "61866",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/61866"
            },
            {
              "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0392",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-10-001",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
                },
                {
                  "name": "ipsecvpnclient-tgb-bo(55793)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
                },
                {
                  "name": "38262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38262"
                },
                {
                  "name": "40387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40387"
                },
                {
                  "name": "http://www.thegreenbow.com/download.php?id=1000150",
                  "refsource": "CONFIRM",
                  "url": "http://www.thegreenbow.com/download.php?id=1000150"
                },
                {
                  "name": "61866",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/61866"
                },
                {
                  "name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0392",
        "datePublished": "2010-01-26T18:00:00.000Z",
        "dateReserved": "2010-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2918 (GCVE-0-2009-2918)

    Vulnerability from nvd – Published: 2009-08-21 10:00 – Updated: 2024-08-07 06:07
    Summary
    The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    References
    URL | Tags
    https://www.evilfingers.com/advisory/Advisory/The… | x_refsource_MISC
    http://secunia.com/advisories/36332 | third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/505816/100… | mailing-list, x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/2294 | vdb-entry, x_refsource_VUPEN
    Date Public
    2009-08-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:07:37.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
              },
              {
                "name": "36332",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36332"
              },
              {
                "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
              },
              {
                "name": "ADV-2009-2294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2294"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
            },
            {
              "name": "36332",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36332"
            },
            {
              "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
            },
            {
              "name": "ADV-2009-2294",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2294"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php",
                  "refsource": "MISC",
                  "url": "https://www.evilfingers.com/advisory/Advisory/TheGreenBow_VPN_Client_tgbvpn.sys_DoS.php"
                },
                {
                  "name": "36332",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36332"
                },
                {
                  "name": "20090817 TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/505816/100/0/threaded"
                },
                {
                  "name": "ADV-2009-2294",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2294"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2918",
        "datePublished": "2009-08-21T10:00:00.000Z",
        "dateReserved": "2009-08-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:07:37.407Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2025-AVI-0929

    Vulnerability from certfr_avis - Published: 2025-10-27 - Updated: 2025-10-27

    A vulnerability has been discovered in the TheGreenBow VPN client. It allows an attacker to bypass the security policy.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    TheGreenBow | VPN Client | Windows Enterprise VPN Client version 7.5.x and 7.6.x
    References
    TheGreenBow Security Bulletin 18200 2025-10-27 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Windows Enterprise VPN Client version 7.5.x et 7.6.x",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-11955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11955"
        }
      ],
      "initial_release_date": "2025-10-27T00:00:00",
      "last_revision_date": "2025-10-27T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0929",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-10-27T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le client VPN de TheGreenBow. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Vuln\u00e9rabilit\u00e9 dans le client VPN de TheGreenBow",
      "vendor_advisories": [
        {
          "published_at": "2025-10-27",
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow 18200",
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-18200"
        }
      ]
    }

    CERTFR-2024-AVI-0803

    Vulnerability from certfr_avis - Published: - Updated:

    A vulnerability has been discovered in TheGreenBow VPN Client. It allows an attacker to bypass the security policy.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    TheGreenBow | VPN Client | VPN Client versions prior to 2.5 for macOS
    TheGreenBow | VPN Client | VPN Client versions prior to 3.4 for Linux (Ubuntu 22.04 and Red Hat 9)
    TheGreenBow | VPN Client | VPN Client Enterprise without security patch 7.5.008 for Windows
    TheGreenBow | VPN Client | VPN Client Standard without security patch 6.87.109 for Windows
    TheGreenBow | VPN Client | VPN Client versions prior to 6.4 for Android
    References
    TheGreenBow Security Bulletin 17024 2024-09-24 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "VPN Client versions ant\u00e9rieures \u00e0 2.5 pour macOS",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "VPN Client versions ant\u00e9rieures \u00e0 3.4 pour Linux (Ubuntu 22.04 et Red Hat 9)",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "VPN Client Enterprise sans le correctif de s\u00e9curit\u00e9 7.5.008 pour Windows",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "VPN Client Standard sans le correctif de s\u00e9curit\u00e9 6.87.109 pour Windows",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "VPN Client versions ant\u00e9rieures \u00e0 6.4 pour Android",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-45750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45750"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0803",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-09-24T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TheGreenBow VPN Client. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Vuln\u00e9rabilit\u00e9 dans TheGreenBow VPN Client ",
      "vendor_advisories": [
        {
          "published_at": "2024-09-24",
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow 17024",
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"
        }
      ]
    }

    CERTFR-2023-AVI-0996

    Vulnerability from certfr_avis - Published: - Updated:

    A vulnerability has been discovered in TheGreenBow VPN Client. It allows an attacker to cause a privilege escalation.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    TheGreenBow | VPN Client | Windows Certified VPN Client versions 6.52.x prior to 6.52.006
    TheGreenBow | VPN Client | Windows Standard VPN Client versions 6.87.x prior to 6.87.108
    TheGreenBow | VPN Client | Windows Enterprise VPN Client versions 6.87.x prior to 6.87.109

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Windows Certified VPN Client versions 6.52.x ant\u00e9rieures \u00e0 6.52.006",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "Windows Standard VPN Client versions 6.87.x ant\u00e9rieures \u00e0 6.87.108",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "Windows Enterprise VPN Client versions 6.87.x ant\u00e9rieures \u00e0 6.87.109",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-47267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47267"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0996",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-12-05T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TheGreenBow VPN Client. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans TheGreenBow VPN Client",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow CVE-2023-47267 du 30 novembre 2023",
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093"
        }
      ]
    }

    CERTFR-2022-AVI-352

    Vulnerability from certfr_avis - Published: - Updated:

    Multiple vulnerabilities have been discovered in TheGreenBow products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

    The first vulnerability does not have a CVE identifier.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    TheGreenBow | N/A | Certified VPN Client for Windows versions prior to 6.52
    TheGreenBow | N/A | Enterprise VPN Client for Windows versions prior to 6.87.108
    TheGreenBow | N/A | Standard VPN Client for Windows versions prior to 6.87.108


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Client VPN certifi\u00e9 pour Windows versions ant\u00e9rieures \u00e0 6.52",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "Client VPN Enterprise pour Windows versions ant\u00e9rieures \u00e0 6.87.108",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "Client VPN Standard pour Windows versions ant\u00e9rieures \u00e0 6.87.108",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-0778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-352",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-04-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nTheGreenBow. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 ne dispose pas d\u0027identifiant CVE.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits TheGreenBow",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow TGB_2022_001 du 14 avril 2022",
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-12537"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow TGB_2022_002 du 14 avril 2022",
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-12538"
        }
      ]
    }

    CERTFR-2019-AVI-178

    Vulnerability from certfr_avis - Published: - Updated:

    Multiple vulnerabilities have been discovered in TheGreenBow VPN Client. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a compromise of data integrity.

    Solution

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    TheGreenBow | VPN Client | VPN Client versions 6.5x prior to 6.51 for Windows
    TheGreenBow | VPN Client | VPN Client versions prior to 5.22.008 for Windows

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "VPN Client versions 6.5x ant\u00e9rieures \u00e0 6.51 pour Windows",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        },
        {
          "description": "VPN Client versions ant\u00e9rieures \u00e0 5.22.008 pour Windows",
          "product": {
            "name": "VPN Client",
            "vendor": {
              "name": "TheGreenBow",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [],
      "links": [],
      "reference": "CERTFR-2019-AVI-178",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-04-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TheGreenBow VPN\nClient. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans TheGreenBow VPN Client",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 TheGreenBow du 15 avril 2019",
          "url": "http://www.thegreenbow.com/advisory.html"
        }
      ]
    }