Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

CVE-2020-7541 (GCVE-0-2020-7541)

Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
VLAI
Summary
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
Severity
No CVSS data available.
CWE
  • CWE-425 - Direct Request ('Forced Browsing') vulnerability
Assigner
References
Impacted products
Vendor Product Version
n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-11T00:52:09.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7541",
    "datePublished": "2020-12-11T00:52:09.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-2388 (GCVE-0-2019-2388)

Vulnerability from cvelistv5 – Published: 2020-05-13 16:15 – Updated: 2024-08-04 18:49
VLAI
Title
Potential exposure of log information in Ops Manager
Summary
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Impacted products
Vendor Product Version
MongoDB Inc. MongoDB Ops Manager Affected: 4.0.9
Affected: 4.0.10
Affected: 4.1.5
Create a notification for this product.
Date Public
2020-05-13 11:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:49:46.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Ops Manager",
          "vendor": "MongoDB Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.9"
            },
            {
              "status": "affected",
              "version": "4.0.10"
            },
            {
              "status": "affected",
              "version": "4.1.5"
            }
          ]
        }
      ],
      "datePublic": "2020-05-13T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.\u003c/p\u003e"
            }
          ],
          "value": "In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T14:41:20.817Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11"
        }
      ],
      "source": {
        "defect": [
          "SECURITY-646"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Potential exposure of log information in Ops Manager",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@mongodb.com",
          "ID": "CVE-2019-2388",
          "STATE": "PUBLIC",
          "TITLE": "Potential exposure of log information in Ops Manager"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ops Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "4.0",
                            "version_value": "4.0.9"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "4.0",
                            "version_value": "4.0.10"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "4.1",
                            "version_value": "4.1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "MongoDB Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0",
              "refsource": "MISC",
              "url": "https://docs.opsmanager.mongodb.com/current/release-notes/application/#onprem-server-4-0"
            }
          ]
        },
        "source": {
          "defect": [
            "SECURITY-646"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2019-2388",
    "datePublished": "2020-05-13T16:15:13.000Z",
    "dateReserved": "2018-12-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T18:49:46.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3774 (GCVE-0-2018-3774)

Vulnerability from cvelistv5 – Published: 2018-08-12 22:00 – Updated: 2024-08-05 04:50
VLAI
Summary
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Severity
No CVSS data available.
CWE
  • CWE-425 - Forced Browsing (CWE-425)
Assigner
References
Impacted products
Vendor Product Version
HackerOne url-parse Affected: 1.4.3
Create a notification for this product.
Date Public
2018-07-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/384029"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "url-parse",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect parsing in url-parse \u003c1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "Forced Browsing (CWE-425)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-12T21:57:01.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/384029"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2018-3774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "url-parse",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect parsing in url-parse \u003c1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Forced Browsing (CWE-425)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de",
              "refsource": "CONFIRM",
              "url": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de"
            },
            {
              "name": "https://hackerone.com/reports/384029",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/384029"
            },
            {
              "name": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a",
              "refsource": "CONFIRM",
              "url": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2018-3774",
    "datePublished": "2018-08-12T22:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-22WF-H889-R7Q7

Vulnerability from github – Published: 2025-03-26 12:30 – Updated: 2025-10-03 09:30
VLAI
Details

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-26T11:15:38Z",
    "severity": "CRITICAL"
  },
  "details": "Improper permission control\u00a0vulnerability in the OXARI\u00a0ServiceDesk\u00a0application could allow an attacker\u00a0using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI\u00a0ServiceDesk in versions before 2.0.324.0.",
  "id": "GHSA-22wf-h889-r7q7",
  "modified": "2025-10-03T09:30:19Z",
  "published": "2025-03-26T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1542"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/03/CVE-2025-1542"
    },
    {
      "type": "WEB",
      "url": "https://www.oxari.com/en/product/oxari-servicedesk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-282G-WXJW-75VJ

Vulnerability from github – Published: 2023-11-14 12:30 – Updated: 2025-02-11 12:30
VLAI
Details

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T11:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3 (ST, PN) (All versions \u003c V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB205-3LD (SC, PN) (All versions \u003c V4.5), SCALANCE XB208 (E/IP) (All versions \u003c V4.5), SCALANCE XB208 (PN) (All versions \u003c V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3 (SC, PN) (All versions \u003c V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3 (ST, PN) (All versions \u003c V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions \u003c V4.5), SCALANCE XB213-3LD (SC, PN) (All versions \u003c V4.5), SCALANCE XB216 (E/IP) (All versions \u003c V4.5), SCALANCE XB216 (PN) (All versions \u003c V4.5), SCALANCE XC206-2 (SC) (All versions \u003c V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions \u003c V4.5), SCALANCE XC206-2G PoE (All versions \u003c V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions \u003c V4.5), SCALANCE XC206-2SFP (All versions \u003c V4.5), SCALANCE XC206-2SFP EEC (All versions \u003c V4.5), SCALANCE XC206-2SFP G (All versions \u003c V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions \u003c V4.5), SCALANCE XC206-2SFP G EEC (All versions \u003c V4.5), SCALANCE XC208 (All versions \u003c V4.5), SCALANCE XC208EEC (All versions \u003c V4.5), SCALANCE XC208G (All versions \u003c V4.5), SCALANCE XC208G (EIP def.) (All versions \u003c V4.5), SCALANCE XC208G EEC (All versions \u003c V4.5), SCALANCE XC208G PoE (All versions \u003c V4.5), SCALANCE XC208G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC216 (All versions \u003c V4.5), SCALANCE XC216-3G PoE (All versions \u003c V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions \u003c V4.5), SCALANCE XC216-4C (All versions \u003c V4.5), SCALANCE XC216-4C G (All versions \u003c V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions \u003c V4.5), SCALANCE XC216-4C G EEC (All versions \u003c V4.5), SCALANCE XC216EEC (All versions \u003c V4.5), SCALANCE XC224 (All versions \u003c V4.5), SCALANCE XC224-4C G (All versions \u003c V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions \u003c V4.5), SCALANCE XC224-4C G EEC (All versions \u003c V4.5), SCALANCE XF204 (All versions \u003c V4.5), SCALANCE XF204 DNA (All versions \u003c V4.5), SCALANCE XF204-2BA (All versions \u003c V4.5), SCALANCE XF204-2BA DNA (All versions \u003c V4.5), SCALANCE XP208 (All versions \u003c V4.5), SCALANCE XP208 (Ethernet/IP) (All versions \u003c V4.5), SCALANCE XP208EEC (All versions \u003c V4.5), SCALANCE XP208PoE EEC (All versions \u003c V4.5), SCALANCE XP216 (All versions \u003c V4.5), SCALANCE XP216 (Ethernet/IP) (All versions \u003c V4.5), SCALANCE XP216EEC (All versions \u003c V4.5), SCALANCE XP216POE EEC (All versions \u003c V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions \u003c V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions \u003c V4.5), SCALANCE XR326-2C PoE WG (All versions \u003c V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions \u003c V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions \u003c V4.5), SIPLUS NET SCALANCE XC206-2 (All versions \u003c V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions \u003c V4.5), SIPLUS NET SCALANCE XC208 (All versions \u003c V4.5), SIPLUS NET SCALANCE XC216-4C (All versions \u003c V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.",
  "id": "GHSA-282g-wxjw-75vj",
  "modified": "2025-02-11T12:30:52Z",
  "published": "2023-11-14T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44320"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CPF-J432-984Q

Vulnerability from github – Published: 2025-11-26 21:31 – Updated: 2025-12-11 00:30
VLAI
Details

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-26T20:15:50Z",
    "severity": "MODERATE"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.",
  "id": "GHSA-2cpf-j432-984q",
  "modified": "2025-12-11T00:30:26Z",
  "published": "2025-11-26T21:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6195"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3155693"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549937"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2FFF-JM87-282R

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:22
VLAI
Details

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-17503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-11T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.",
  "id": "GHSA-2fff-jm87-282r",
  "modified": "2024-04-04T02:22:34Z",
  "published": "2022-05-24T16:58:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2P6X-825W-G8F6

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-03-03 21:30
VLAI
Details

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.",
  "id": "GHSA-2p6x-825w-g8f6",
  "modified": "2023-03-03T21:30:21Z",
  "published": "2022-05-24T16:52:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14347"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ferdinandmartin/adive-php"
    },
    {
      "type": "WEB",
      "url": "https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2PRC-3JM3-RH65

Vulnerability from github – Published: 2024-08-14 03:31 – Updated: 2024-08-14 03:31
VLAI
Details

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T01:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-2prc-3jm3-rh65",
  "modified": "2024-08-14T03:31:08Z",
  "published": "2024-08-14T03:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7753"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Wsstiger/cve/blob/main/Clinic\u0027s_Directory.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.274372"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.274372"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.389361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2RRM-C66P-MGC8

Vulnerability from github – Published: 2026-01-23 06:31 – Updated: 2026-01-23 06:31
VLAI
Details

ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28299.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T04:16:06Z",
    "severity": "MODERATE"
  },
  "details": "ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based user interface. By navigating directly to a URL, a user can gain unauthorized access to data. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28299.",
  "id": "GHSA-2rrm-c66p-mgc8",
  "modified": "2026-01-23T06:31:25Z",
  "published": "2026-01-23T06:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0790"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.