Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2017-9944 (GCVE-0-2017-9944)

Vulnerability from cvelistv5 – Published: 2017-12-26 04:00 – Updated: 2024-08-05 17:25
VLAI
Summary
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
Severity
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03 Affected: Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03
Date Public
2017-12-25 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"
          },
          {
            "name": "101184",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Siemens 7KT PAC1200 data manager (7KT1260) All versions \u003c V2.03",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Siemens 7KT PAC1200 data manager (7KT1260) All versions \u003c V2.03"
            }
          ]
        }
      ],
      "datePublic": "2017-12-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions \u003c V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-26T10:57:01.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"
        },
        {
          "name": "101184",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Siemens 7KT PAC1200 data manager (7KT1260) All versions \u003c V2.03",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Siemens 7KT PAC1200 data manager (7KT1260) All versions \u003c V2.03"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions \u003c V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"
            },
            {
              "name": "101184",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9944",
    "datePublished": "2017-12-26T04:00:00.000Z",
    "dateReserved": "2017-06-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:25:00.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6871 (GCVE-0-2017-6871)

Vulnerability from cvelistv5 – Published: 2017-08-08 00:00 – Updated: 2024-08-05 15:41
VLAI
Summary
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.
Severity
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android Affected: SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android
Date Public
2017-08-07 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99582",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99582"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app\u0027s authentication mechanism under certain conditions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-08T09:57:01.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "99582",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99582"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app\u0027s authentication mechanism under certain conditions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99582",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99582"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-6871",
    "datePublished": "2017-08-08T00:00:00.000Z",
    "dateReserved": "2017-03-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:41:17.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5174 (GCVE-0-2017-5174)

Vulnerability from cvelistv5 – Published: 2017-05-19 02:43 – Updated: 2024-08-05 14:55
VLAI
Summary
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Geutebruck IP Cameras Affected: Geutebruck IP Cameras
Date Public
2017-05-18 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96209",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96209"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02"
          },
          {
            "name": "41360",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41360/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Geutebruck IP Cameras",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Geutebruck IP Cameras"
            }
          ]
        }
      ],
      "datePublic": "2017-05-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "96209",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96209"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02"
        },
        {
          "name": "41360",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41360/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Geutebruck IP Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Geutebruck IP Cameras"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96209",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96209"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02"
            },
            {
              "name": "41360",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41360/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-5174",
    "datePublished": "2017-05-19T02:43:00.000Z",
    "dateReserved": "2017-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:55:35.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9497 (GCVE-0-2016-9497)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50
VLAI
Title
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel
Summary
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.
Severity
No CVSS data available.
CWE
Assigner
References
URL Tags
https://www.securityfocus.com/bid/96244 vdb-entryx_refsource_BID
https://www.kb.cert.org/vuls/id/614751 third-party-advisoryx_refsource_CERT-VN
Date Public
2017-02-15 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96244",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/96244"
          },
          {
            "name": "VU#614751",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/614751"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HN7740S",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "DW7000",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "HN7000S/SM",
          "vendor": "Hughes Satellite Modem",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2017-02-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-13T19:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "96244",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/96244"
        },
        {
          "name": "VU#614751",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/614751"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9497",
          "STATE": "PUBLIC",
          "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HN7740S",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DW7000",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "HN7000S/SM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hughes Satellite Modem"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96244",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/96244"
            },
            {
              "name": "VU#614751",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/614751"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9497",
    "datePublished": "2018-07-13T20:00:00.000Z",
    "dateReserved": "2016-11-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:50:38.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-23CV-7MVX-JCQ6

Vulnerability from github – Published: 2024-10-28 12:30 – Updated: 2026-04-01 18:32
VLAI
Details

Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T12:15:16Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.",
  "id": "GHSA-23cv-7mvx-jcq6",
  "modified": "2026-04-01T18:32:10Z",
  "published": "2024-10-28T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50489"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/realty-workstation/vulnerability/wordpress-realty-workstation-plugin-1-0-45-account-takeover-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/realty-workstation/wordpress-realty-workstation-plugin-1-0-45-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-23VG-8XC3-J64M

Vulnerability from github – Published: 2024-05-08 03:30 – Updated: 2024-05-08 03:30
VLAI
Details

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-08T03:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.",
  "id": "GHSA-23vg-8xc3-j64m",
  "modified": "2024-05-08T03:30:37Z",
  "published": "2024-05-08T03:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4393"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/social-connect/tags/1.2/openid/openid.php#L575"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-242H-XPV3-FJ4H

Vulnerability from github – Published: 2024-10-11 03:34 – Updated: 2024-10-11 03:34
VLAI
Details

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T03:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the \u0027login_admin_user\u0027 function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.",
  "id": "GHSA-242h-xpv3-fj4h",
  "modified": "2024-10-11T03:34:40Z",
  "published": "2024-10-11T03:34:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9822"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/pedalo-connector/tags/2.0.5/public/class-pedalo_connector-public.php#L118"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2493-C7MQ-CPJ4

Vulnerability from github – Published: 2023-05-25 03:30 – Updated: 2024-04-04 04:20
VLAI
Details

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-25T03:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.",
  "id": "GHSA-2493-c7mq-cpj4",
  "modified": "2024-04-04T04:20:14Z",
  "published": "2023-05-25T03:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2733"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L734"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2913397%40mstore-api\u0026old=2910707%40mstore-api\u0026sfp_email=\u0026sfph_mail=#file60"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c726d8f0-7f2a-414b-9d73-a053921074d9?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-24JJ-J75X-H48W

Vulnerability from github – Published: 2023-06-30 03:30 – Updated: 2026-04-08 21:31
VLAI
Details

The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3249"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-30T02:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "The Web3 \u2013 Crypto wallet Login \u0026 NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the \u0027hidden_form_data\u0027 function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.",
  "id": "GHSA-24jj-j75x-h48w",
  "modified": "2026-04-08T21:31:58Z",
  "published": "2023-06-30T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3249"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/web3-authentication/tags/2.6.0/classes/common/Web3/controller/class-moweb3flowhandler.php#L198"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/2933325"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e30b62de-7280-4c29-b882-dfa83e65966b?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-259P-QFG9-JR98

Vulnerability from github – Published: 2024-12-03 18:31 – Updated: 2024-12-03 18:31
VLAI
Details

IBM Cognos Controller 11.0.0 and 11.0.1

could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-03T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\ncould allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.",
  "id": "GHSA-259p-qfg9-jr98",
  "modified": "2024-12-03T18:31:03Z",
  "published": "2024-12-03T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25036"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7177220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.