Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

CVE-2022-31485 (GCVE-0-2022-31485)

Vulnerability from cvelistv5 – Published: 2022-06-06 16:41 – Updated: 2024-09-17 00:26
VLAI
Title
Unauthenticated homepage note modification
Summary
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Date Public
2022-06-02 00:00
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LNL-X2210",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X2220",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X3300",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1501",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-2500",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-4502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1501",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP2500",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker can send a specially crafted packets to update the \u201cnotes\u201d section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:41:09.000Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to the latest version of firmware"
        }
      ],
      "source": {
        "advisory": "CARR-PSA-006-0522",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated homepage note modification",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@carrier.com",
          "DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
          "ID": "CVE-2022-31485",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated homepage note modification"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LNL-X2210",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X2220",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X3300",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LenelS2"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LP1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HID Mercury"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated attacker can send a specially crafted packets to update the \u201cnotes\u201d section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
              "refsource": "MISC",
              "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to the latest version of firmware"
          }
        ],
        "source": {
          "advisory": "CARR-PSA-006-0522",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2022-31485",
    "datePublished": "2022-06-06T16:41:09.100Z",
    "dateReserved": "2022-05-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:26:24.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31484 (GCVE-0-2022-31484)

Vulnerability from cvelistv5 – Published: 2022-06-06 16:40 – Updated: 2024-09-17 01:37
VLAI
Title
User Account Deletion Unauthenticated
Summary
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Date Public
2022-06-02 00:00
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LNL-X2210",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X2220",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X3300",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1501",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-2500",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-4502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1501",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP2500",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.29",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:40:33.000Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to the latest version of firmware"
        }
      ],
      "source": {
        "advisory": "CARR-PSA-006-0522",
        "discovery": "EXTERNAL"
      },
      "title": "User Account Deletion Unauthenticated",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@carrier.com",
          "DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
          "ID": "CVE-2022-31484",
          "STATE": "PUBLIC",
          "TITLE": "User Account Deletion Unauthenticated"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LNL-X2210",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X2220",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X3300",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LenelS2"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LP1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.29"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HID Mercury"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
              "refsource": "MISC",
              "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to the latest version of firmware"
          }
        ],
        "source": {
          "advisory": "CARR-PSA-006-0522",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2022-31484",
    "datePublished": "2022-06-06T16:40:33.983Z",
    "dateReserved": "2022-05-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:37:06.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31480 (GCVE-0-2022-31480)

Vulnerability from cvelistv5 – Published: 2022-06-06 16:37 – Updated: 2024-09-17 01:55
VLAI
Title
Unauthenticated Firmware Upload and Arbitrary Reboot
Summary
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Date Public
2022-06-02 00:00
Credits
Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LNL-X2210",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X2220",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X3300",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-X4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LNL-4420",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.296",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1501",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-1502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-2500",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "S2-LP-4502",
          "vendor": "LenelS2",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1501",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP1502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP2500",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.302",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EP4502",
          "vendor": "HID Mercury",
          "versions": [
            {
              "lessThan": "1.296",
              "status": "affected",
              "version": "ALL",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:37:36.000Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to the latest version of firmware"
        }
      ],
      "source": {
        "advisory": "CARR-PSA-006-0522",
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Firmware Upload and Arbitrary Reboot",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productsecurity@carrier.com",
          "DATE_PUBLIC": "2022-06-02T22:00:00.000Z",
          "ID": "CVE-2022-31480",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated Firmware Upload and Arbitrary Reboot"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LNL-X2210",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X2220",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X3300",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-X4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LNL-4420",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.296"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S2-LP-4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LenelS2"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LP1501",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP1502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP2500",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.302"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EP4502",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "ALL",
                            "version_value": "1.296"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HID Mercury"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sam Quinn @eAyeP and Steve Povolny @spovolny from Trellix Threat Labs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.corporate.carrier.com/product-security/advisories-resources/",
              "refsource": "MISC",
              "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to the latest version of firmware"
          }
        ],
        "source": {
          "advisory": "CARR-PSA-006-0522",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable the controller\u0027s Web Server.  \nWhen the controller is configured to disable web access, you cannot remotely login into the controller\u2019s web page.\n1. Login to controller web pages\n2. Go to \u201cUsers\u201d Tab\n3. Near bottom of the Users page, check option to \u201cDisable Web Server\u201d\n4. Then select \u201cSubmit\u201d at the bottom of the page\n5. Then select \u201cApply Settings\u201d tab\n6. And on that page, select button \u201cApply Settings, Reboot\u201d\nThe Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2022-31480",
    "datePublished": "2022-06-06T16:37:36.175Z",
    "dateReserved": "2022-05-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:55:48.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29238 (GCVE-0-2022-29238)

Vulnerability from cvelistv5 – Published: 2022-06-14 17:55 – Updated: 2025-04-23 18:16
VLAI
Title
Forced Browsing in Jupyter Notebook
Summary
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Vendor Product Version
jupyter notebook Affected: < 6.4.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:05:26.708258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:16:17.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "notebook",
          "vendor": "jupyter",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.4.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were \u0027hidden\u0027 but not \u0027inaccessible\u0027). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server\u0027s root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-14T17:55:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg"
        }
      ],
      "source": {
        "advisory": "GHSA-v7vq-3x77-87vg",
        "discovery": "UNKNOWN"
      },
      "title": "Forced Browsing in Jupyter Notebook",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29238",
          "STATE": "PUBLIC",
          "TITLE": "Forced Browsing in Jupyter Notebook"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "notebook",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 6.4.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "jupyter"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were \u0027hidden\u0027 but not \u0027inaccessible\u0027). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server\u0027s root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg",
              "refsource": "CONFIRM",
              "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-v7vq-3x77-87vg",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29238",
    "datePublished": "2022-06-14T17:55:10.000Z",
    "dateReserved": "2022-04-13T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:16:17.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24385 (GCVE-0-2022-24385)

Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI
Title
Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
Summary
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
URL Tags
https://csirt.divd.nl/DIVD-2021-00029 x_refsource_CONFIRMrelated
https://csirt.divd.nl/CVE-2022-24385 x_refsource_CONFIRMthird-party-advisory
Impacted products
Vendor Product Version
SmarterTools SmarterTrack Affected: 100.x , < Build 8075 (custom)
Create a notification for this product.
Date Public
2022-03-11 00:00
Credits
Wietse Boonstra (DIVD) Finn van der Knaap (DIVD) Victor Gevers (DIVD)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:13:03.172916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:15:56.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:07:02.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "related",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/DIVD-2021-00029"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/CVE-2022-24385"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SmarterTrack",
          "vendor": "SmarterTools",
          "versions": [
            {
              "lessThan": "Build 8075",
              "status": "affected",
              "version": "100.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Wietse Boonstra (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Finn van der Knaap (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Gevers (DIVD)"
        }
      ],
      "datePublic": "2022-03-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T13:40:44.472Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM",
            "related"
          ],
          "url": "https://csirt.divd.nl/DIVD-2021-00029"
        },
        {
          "tags": [
            "x_refsource_CONFIRM",
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2022-24385"
        }
      ],
      "source": {
        "advisory": "DIVD-2021-00029",
        "discovery": "INTERNAL"
      },
      "title": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2022-24385",
    "datePublished": "2022-03-14T00:00:00.000Z",
    "dateReserved": "2022-02-03T00:00:00.000Z",
    "dateUpdated": "2025-03-11T13:40:44.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2551 (GCVE-0-2022-2551)

Vulnerability from cvelistv5 – Published: 2022-08-22 15:03 – Updated: 2024-08-03 00:39
VLAI
Title
Duplicator < 1.4.7 - Unauthenticated Backup Download
Summary
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
Severity
No CVSS data available.
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Vendor Product Version
Unknown Duplicator – WordPress Migration Plugin Affected: 1.4.7 , < 1.4.7 (custom)
Create a notification for this product.
Credits
Ihsan Sencan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:08.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Duplicator \u2013 WordPress Migration Plugin",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.4.7",
              "status": "affected",
              "version": "1.4.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ihsan Sencan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-22T15:03:52.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Duplicator \u003c 1.4.7 - Unauthenticated Backup Download",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2551",
          "STATE": "PUBLIC",
          "TITLE": "Duplicator \u003c 1.4.7 - Unauthenticated Backup Download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Duplicator \u2013 WordPress Migration Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.4.7",
                            "version_value": "1.4.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ihsan Sencan"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0"
            },
            {
              "name": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551",
              "refsource": "MISC",
              "url": "https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2551",
    "datePublished": "2022-08-22T15:03:52.000Z",
    "dateReserved": "2022-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:39:08.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2544 (GCVE-0-2022-2544)

Vulnerability from cvelistv5 – Published: 2022-08-22 15:03 – Updated: 2024-08-03 00:39
VLAI
Title
Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
Summary
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
Severity
No CVSS data available.
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Credits
Daniel Ruf
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:08.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467\u0026old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ninja Job Board \u2013 Ultimate WordPress Job Board Plugin",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "1.3.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Daniel Ruf"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-22T15:03:39.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467\u0026old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Ninja Job Board \u003c 1.3.3 - Resume Disclosure via Directory Listing",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2544",
          "STATE": "PUBLIC",
          "TITLE": "Ninja Job Board \u003c 1.3.3 - Resume Disclosure via Directory Listing"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ninja Job Board \u2013 Ultimate WordPress Job Board Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.3.3",
                            "version_value": "1.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Daniel Ruf"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467\u0026old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467\u0026old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2544",
    "datePublished": "2022-08-22T15:03:39.000Z",
    "dateReserved": "2022-07-26T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:39:08.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2192 (GCVE-0-2022-2192)

Vulnerability from cvelistv5 – Published: 2022-07-19 14:07 – Updated: 2024-08-03 00:32
VLAI
Summary
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
URL Tags
https://www.hypr.com/security-advisories/ x_refsource_MISC
Impacted products
Vendor Product Version
HYPR HYPR Server Affected: next of 6.10 , < unspecified (custom)
Affected: unspecified , ≤ 6.15.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:08.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.hypr.com/security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HYPR Server",
          "vendor": "HYPR",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "next of 6.10",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.15.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T14:07:38.000Z",
        "orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
        "shortName": "HYPR"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.hypr.com/security-advisories/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@hypr.com",
          "ID": "CVE-2022-2192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HYPR Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_value": "6.10"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.15.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HYPR"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.hypr.com/security-advisories/",
              "refsource": "MISC",
              "url": "https://www.hypr.com/security-advisories/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
    "assignerShortName": "HYPR",
    "cveId": "CVE-2022-2192",
    "datePublished": "2022-07-19T14:07:38.000Z",
    "dateReserved": "2022-06-23T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:32:08.717Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34588 (GCVE-0-2021-34588)

Vulnerability from cvelistv5 – Published: 2022-04-27 15:15 – Updated: 2024-09-16 21:07
VLAI
Title
Bender Charge Controller: Unprotected data export
Summary
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .
CWE
  • CWE-425 - Direct Request (Forced Browsing)
Assigner
References
Impacted products
Vendor Product Version
Bender / ebee CC612 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Bender / ebee CC613 Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Bender / ebee ICC15xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Bender / ebee ICC16xx Affected: 5.11.x , < 5.11.2 (custom)
Affected: 5.12.x , < 5.12.5 (custom)
Affected: 5.13.x , < 5.13.2 (custom)
Affected: 5.20.x , < 5.20.2 (custom)
Create a notification for this product.
Date Public
2022-04-27 00:00
Credits
Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:46.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CC612",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CC613",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC15xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ICC16xx",
          "vendor": "Bender / ebee",
          "versions": [
            {
              "lessThan": "5.11.2",
              "status": "affected",
              "version": "5.11.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.12.5",
              "status": "affected",
              "version": "5.12.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.2",
              "status": "affected",
              "version": "5.13.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.20.2",
              "status": "affected",
              "version": "5.20.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2022-04-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (Forced Browsing)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-27T15:15:25.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
        }
      ],
      "source": {
        "advisory": "VDE-2021-047",
        "defect": [
          "CERT@VDE#64088"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Bender Charge Controller: Unprotected data export",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-04-27T10:00:00.000Z",
          "ID": "CVE-2021-34588",
          "STATE": "PUBLIC",
          "TITLE": "Bender Charge Controller: Unprotected data export"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CC612",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CC613",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC15xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ICC16xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.11.x",
                            "version_value": "5.11.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.12.x",
                            "version_value": "5.12.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.13.x",
                            "version_value": "5.13.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.20.x",
                            "version_value": "5.20.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bender / ebee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bender thanks the IT security researchers at OpenSource Security GmbH for their thorough and in-depth work. The issue was coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (Forced Browsing)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-047",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-047"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2021-047",
          "defect": [
            "CERT@VDE#64088"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34588",
    "datePublished": "2022-04-27T15:15:25.652Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T21:07:21.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24695 (GCVE-0-2021-24695)

Vulnerability from cvelistv5 – Published: 2021-11-08 17:35 – Updated: 2024-08-03 19:42
VLAI
Title
Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
Summary
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames
Severity
No CVSS data available.
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Vendor Product Version
Unknown Simple Download Monitor Affected: 3.9.6 , < 3.9.6 (custom)
Create a notification for this product.
Credits
apple502j
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Simple Download Monitor",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.9.6",
              "status": "affected",
              "version": "3.9.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "apple502j"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T17:35:02.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Simple Download Monitor \u003c 3.9.6 - Unauthenticated Log Access",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24695",
          "STATE": "PUBLIC",
          "TITLE": "Simple Download Monitor \u003c 3.9.6 - Unauthenticated Log Access"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Simple Download Monitor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.9.6",
                            "version_value": "3.9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "apple502j"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24695",
    "datePublished": "2021-11-08T17:35:02.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:42:16.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.