Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by YMS

    CVE-2024-3263 (GCVE-0-2024-3263)

    Vulnerability from cvelistv5 – Published: 2024-05-13 09:17 – Updated: 2024-08-01 20:05
    VLAI
    Title
    Improper authentication in YMS VIS Pro
    Summary
    YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.
    Severity
    9.8 (Critical)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    YMS VIS Pro Affected: 0 , ≤ 3.3.0.6 (custom)
    		Create a notification for this product.
    yms vis_pro Affected: 0 , ≤ 3.3.0.6 (custom)
        cpe:2.3:a:yms:vis_pro:*:*:*:*:*:*:*:*
    		 Create a notification for this product.
    Credits
    REMEDIATA (support@remediata.com)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:yms:vis_pro:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vis_pro",
            "vendor": "yms",
            "versions": [
              {
                "lessThanOrEqual": "3.3.0.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T15:37:29.443030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T17:24:49.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.svps.sk/vis/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://remediata.com/blog/cve-2024-3263-improper-authentication-in-yms-vis-pro/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VIS Pro",
          "vendor": "YMS",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "REMEDIATA (support@remediata.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eYMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions \u0026lt;= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions \u003c= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.\n\n\n\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-112",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-112 Brute Force"
            }
          ]
        },
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        },
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        },
        {
          "capecId": "CAPEC-16",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-16 Dictionary-based Password Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T09:17:12.216Z",
        "orgId": "bc375322-d3d7-4481-b261-e29662236cfd",
        "shortName": "SK-CERT"
      },
      "references": [
        {
          "url": "https://www.svps.sk/vis/"
        },
        {
          "url": "https://remediata.com/blog/cve-2024-3263-improper-authentication-in-yms-vis-pro/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-25T22:53:00.000Z",
          "value": "Vulnerability reported to SK-CERT"
        },
        {
          "lang": "en",
          "time": "2024-02-26T12:12:00.000Z",
          "value": "Developer and system operator notified by SK-CERT"
        },
        {
          "lang": "en",
          "time": "2024-02-27T15:10:00.000Z",
          "value": "Vulnerability confirmed by system operator"
        },
        {
          "lang": "en",
          "time": "2024-04-17T14:18:00.000Z",
          "value": "Developer and system operator confirmed vulnerability fix"
        }
      ],
      "title": "Improper authentication in YMS VIS Pro",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bc375322-d3d7-4481-b261-e29662236cfd",
    "assignerShortName": "SK-CERT",
    "cveId": "CVE-2024-3263",
    "datePublished": "2024-05-13T09:17:12.216Z",
    "dateReserved": "2024-04-03T11:57:41.321Z",
    "dateUpdated": "2024-08-01T20:05:08.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}