Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

CVE-2025-6352 (GCVE-0-2025-6352)

Vulnerability from cvelistv5 – Published: 2025-06-20 16:00 – Updated: 2025-06-23 17:14
VLAI
Title
code-projects Automated Voting System Backend vote.php direct request
Summary
A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
yunlin (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6352",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T17:14:34.390422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T17:14:37.442Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/asd1238525/cve/blob/main/Unauthorized.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Backend"
          ],
          "product": "Automated Voting System",
          "vendor": "code-projects",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yunlin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in code-projects Automated Voting System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /vote.php der Komponente Backend. Durch das Beeinflussen mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "Direct Request",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-20T16:00:13.679Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-313344 | code-projects Automated Voting System Backend vote.php direct request",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.313344"
        },
        {
          "name": "VDB-313344 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.313344"
        },
        {
          "name": "Submit #597239 | code-projects Automated Voting System 1.0 Exposure of Access Control List Files to an Unauthorized Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.597239"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/asd1238525/cve/blob/main/Unauthorized.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://code-projects.org/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-06-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-06-19T15:12:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "code-projects Automated Voting System Backend vote.php direct request"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-6352",
    "datePublished": "2025-06-20T16:00:13.679Z",
    "dateReserved": "2025-06-19T13:07:33.794Z",
    "dateUpdated": "2025-06-23T17:14:37.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6195 (GCVE-0-2025-6195)

Vulnerability from cvelistv5 – Published: 2025-11-26 19:46 – Updated: 2025-12-10 23:01
VLAI
Title
Direct Request ('Forced Browsing') in GitLab
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
URL Tags
https://about.gitlab.com/releases/2025/11/26/patc… vendor-advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/549937 issue-trackingpermissions-required
https://hackerone.com/reports/3155693 technical-descriptionexploitpermissions-required
Impacted products
Vendor Product Version
GitLab GitLab Affected: 13.7 , < 18.4.5 (semver)
Affected: 18.5 , < 18.5.3 (semver)
Affected: 18.6 , < 18.6.1 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6195",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:39:47.777226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:53.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.4.5",
              "status": "affected",
              "version": "13.7",
              "versionType": "semver"
            },
            {
              "lessThan": "18.5.3",
              "status": "affected",
              "version": "18.5",
              "versionType": "semver"
            },
            {
              "lessThan": "18.6.1",
              "status": "affected",
              "version": "18.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-10T23:01:24.471Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Security Release Blog Post",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/"
        },
        {
          "name": "GitLab Issue #549937",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/549937"
        },
        {
          "name": "HackerOne Bug Bounty Report #3155693",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3155693"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.4.5, 18.5.3, 18.6.1 or above."
        }
      ],
      "title": "Direct Request (\u0027Forced Browsing\u0027) in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-6195",
    "datePublished": "2025-11-26T19:46:42.649Z",
    "dateReserved": "2025-06-17T06:30:37.944Z",
    "dateUpdated": "2025-12-10T23:01:24.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2595 (GCVE-0-2025-2595)

Vulnerability from cvelistv5 – Published: 2025-04-23 07:54 – Updated: 2025-04-23 16:27
VLAI
Title
Forced Browsing Vulnerability in CODESYS Visualization
Summary
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Vendor Product Version
CODESYS CODESYS Visualization Affected: 0.0.0.0 , < 4.8.0.0 (semver)
Create a notification for this product.
Credits
M. Ankith by Honeywell
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:25:51.380319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:27:02.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Visualization",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "0.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "M. Ankith by Honeywell"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
            }
          ],
          "value": "An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T07:54:00.430Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/en/advisories/VDE-2025-027"
        }
      ],
      "source": {
        "advisory": "VDE-2025-027",
        "defect": [
          "CERT@VDE#641763"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Forced Browsing Vulnerability in CODESYS Visualization",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-2595",
    "datePublished": "2025-04-23T07:54:00.430Z",
    "dateReserved": "2025-03-21T09:47:52.440Z",
    "dateUpdated": "2025-04-23T16:27:02.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2147 (GCVE-0-2025-2147)

Vulnerability from cvelistv5 – Published: 2025-03-10 11:00 – Updated: 2025-03-10 12:33
VLAI
Title
Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access
Summary
A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
LI YU (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2147",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T12:33:07.934507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T12:33:51.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modern Farm Digital Integrated Management System",
          "vendor": "Beijing Zhide Intelligent Internet Technology",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "LI YU (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil. Dank Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "Files or Directories Accessible",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "Direct Request",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T11:00:07.615Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-299058 | Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.299058"
        },
        {
          "name": "VDB-299058 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.299058"
        },
        {
          "name": "Submit #506593 | \u5317\u4eac\u690d\u5f97\u667a\u80fd\u4e92\u8054\u79d1\u6280\u6709\u9650\u516c\u53f8 \u745e\u7530\u73b0\u4ee3\u519c\u573a\u6570\u5b57\u5316\u7efc\u5408\u7ba1\u7406\u7cfb\u7edf v1.0 Exposure of Information Through Directory Listing",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.506593"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/fubxx/CVE/blob/main/%E7%91%9E%E7%94%B0%E7%8E%B0%E4%BB%A3%E5%86%9C%E5%9C%BA%E6%95%B0%E5%AD%97%E5%8C%96%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-03-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-03-10T07:05:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-2147",
    "datePublished": "2025-03-10T11:00:07.615Z",
    "dateReserved": "2025-03-10T06:00:47.437Z",
    "dateUpdated": "2025-03-10T12:33:51.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1542 (GCVE-0-2025-1542)

Vulnerability from cvelistv5 – Published: 2025-03-26 11:07 – Updated: 2025-10-03 09:05
VLAI
Title
Improper permission control in OXARI ServiceDesk
Summary
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in versions before 2.0.324.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
Impacted products
Vendor Product Version
Infonet Projekt SA OXARI ServiceDesk Affected: 0 , < 2.0.324.0 (custom)
Create a notification for this product.
Date Public
2025-03-26 11:00
Credits
Robert Jaroszuk - Penetration Tester @ Lufthansa Systems Poland
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T17:32:36.051581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T17:34:30.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OXARI ServiceDesk",
          "vendor": "Infonet Projekt SA",
          "versions": [
            {
              "lessThan": "2.0.324.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Robert Jaroszuk - Penetration Tester @ Lufthansa Systems Poland"
        }
      ],
      "datePublic": "2025-03-26T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper permission control\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability\u003c/span\u003e in the OXARI\u0026nbsp;ServiceDesk\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eapplication\u003c/span\u003e could allow an attacker\u0026nbsp;using a guest access or an unprivileged account to gain additional administrative permissions in the application.\u003cp\u003eThis issue affects OXARI\u0026nbsp;ServiceDesk in versions before 2.0.324.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper permission control\u00a0vulnerability in the OXARI\u00a0ServiceDesk\u00a0application could allow an attacker\u00a0using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI\u00a0ServiceDesk in versions before 2.0.324.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-03T09:05:29.077Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "url": "https://cert.pl/en/posts/2025/03/CVE-2025-1542/"
        },
        {
          "url": "https://www.oxari.com/en/product/oxari-servicedesk"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper permission control in OXARI ServiceDesk",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-1542",
    "datePublished": "2025-03-26T11:07:08.665Z",
    "dateReserved": "2025-02-21T09:29:15.269Z",
    "dateUpdated": "2025-10-03T09:05:29.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-58343 (GCVE-0-2024-58343)

Vulnerability from cvelistv5 – Published: 2026-04-16 22:27 – Updated: 2026-04-17 13:31
VLAI
Summary
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
Impacted products
Vendor Product Version
Vision Helpdesk Affected: 0 , < 5.6.10 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58343",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T13:26:27.158971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T13:31:05.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Helpdesk",
          "vendor": "Vision",
          "versions": [
            {
              "lessThan": "5.6.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T22:36:12.369Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/websec/Vision-Helpdesk-Exploit"
        },
        {
          "url": "https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-58343",
    "datePublished": "2026-04-16T22:27:03.084Z",
    "dateReserved": "2026-04-16T22:27:02.589Z",
    "dateUpdated": "2026-04-17T13:31:05.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-55075 (GCVE-0-2024-55075)

Vulnerability from cvelistv5 – Published: 2025-01-06 00:00 – Updated: 2025-01-06 21:13
VLAI
Summary
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
Impacted products
Vendor Product Version
Grocy project Grocy Affected: 0 , ≤ 4.3.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55075",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T21:13:01.062965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T21:13:15.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Grocy",
          "vendor": "Grocy project",
          "versions": [
            {
              "lessThanOrEqual": "4.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:grocy_project:grocy:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "4.3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T20:47:19.072Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-55075",
    "datePublished": "2025-01-06T00:00:00.000Z",
    "dateReserved": "2024-12-06T00:00:00.000Z",
    "dateUpdated": "2025-01-06T21:13:15.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45195 (GCVE-0-2024-45195)

Vulnerability from cvelistv5 – Published: 2024-09-04 08:08 – Updated: 2025-10-21 22:55
VLAI
Title
Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Summary
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache OFBiz Affected: 0 , < 18.12.16 (custom)
Create a notification for this product.
apache ofbiz Affected: 0 , < 18.12.16 (custom)
    cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
shin24 from National Cyber Security Vietnam LuanPV from National Cyber Security Vietnam Ryan Emmons, Lead Security Researcher at Rapid7 Hasib Vhora, Senior Threat Researcher, SonicWall Xenc from SGLAB of Legendsec at Qi'anxin Group
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-04T09:03:00.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/09/03/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ofbiz",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "18.12.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45195",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T15:46:50.643589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:46.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-04T00:00:00.000Z",
            "value": "CVE-2024-45195 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache OFBiz",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "18.12.16",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "shin24 from National Cyber Security Vietnam"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "LuanPV from National Cyber Security Vietnam"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ryan Emmons, Lead Security Researcher at Rapid7"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Hasib Vhora, Senior Threat Researcher, SonicWall"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Xenc from SGLAB of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDirect Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OFBiz: before 18.12.16.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Direct Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.16.\n\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T08:08:59.201Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "mitigation",
            "product",
            "release-notes"
          ],
          "url": "https://ofbiz.apache.org/download.html"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://ofbiz.apache.org/security.html"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://issues.apache.org/jira/browse/OFBIZ-13130"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache OFBiz: Confused controller-view authorization logic (forced browsing)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-45195",
    "datePublished": "2024-09-04T08:08:59.201Z",
    "dateReserved": "2024-08-22T15:19:27.892Z",
    "dateUpdated": "2025-10-21T22:55:46.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42001 (GCVE-0-2024-42001)

Vulnerability from cvelistv5 – Published: 2024-08-08 19:39 – Updated: 2024-08-21 20:04
VLAI
Title
Vonets WiFi Bridges Forced Browsing
Summary
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Vonets VAR1200-H Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR1200-L Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR600-H Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11AC Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-500S Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VBG1200 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11S-5G Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11S Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR11N-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11N-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-500 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VGA-1000 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
vonets var1200-h_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var1200-l_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var600-h_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11ac_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g-500s_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vbg1200_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11s-5g_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11s_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var11n-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11n-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vga-1000_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Wodzen reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var1200-h_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var1200-l_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var600-h_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11ac_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g-500s_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vbg1200_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11s-5g_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11s_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vga-1000_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T14:41:30.751151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T20:04:53.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VAR1200-H",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR1200-L",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR600-H",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11AC",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-500S",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VBG1200",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11S-5G",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11S",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR11N-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11N-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-500",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VBG1200",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11AC",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VGA-1000",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wodzen reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
            }
          ],
          "value": "An improper authentication vulnerability affecting Vonets\n\n\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior enables an unauthenticated remote attacker to \nbypass authentication via a specially crafted direct request when \nanother user has an active session."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Forced Browsing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-08T19:39:49.024Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
        }
      ],
      "source": {
        "advisory": "ICSA-24-214-08",
        "discovery": "EXTERNAL"
      },
      "title": "Vonets WiFi Bridges Forced Browsing",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact  Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-42001",
    "datePublished": "2024-08-08T19:39:49.024Z",
    "dateReserved": "2024-07-30T16:15:10.118Z",
    "dateUpdated": "2024-08-21T20:04:53.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39868 (GCVE-0-2024-39868)

Vulnerability from cvelistv5 – Published: 2024-07-09 12:05 – Updated: 2025-08-27 20:42
VLAI
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
Impacted products
Vendor Product Version
Siemens SINEMA Remote Connect Server Affected: 0 , < V3.2 SP1 (custom)
Create a notification for this product.
siemens sinema_remote_connect_server Affected: 0 , < V3.2 SP1 (custom)
    cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinema_remote_connect_server",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V3.2 SP1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T19:43:18.767680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:56.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:10.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SINEMA Remote Connect Server",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.2 SP1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T12:05:23.810Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-39868",
    "datePublished": "2024-07-09T12:05:23.810Z",
    "dateReserved": "2024-07-01T13:05:40.287Z",
    "dateUpdated": "2025-08-27T20:42:56.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.