Common Weakness Enumeration

CWE-790

Allowed-with-Review

Improper Filtering of Special Elements

Abstraction: Class · Status: Incomplete

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

23 vulnerabilities reference this CWE, most recent first.

CVE-2026-9658 (GCVE-0-2026-9658)

Vulnerability from cvelistv5 – Published: 2026-05-28 11:36 – Updated: 2026-06-01 18:00
VLAI
Title
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths
Summary
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost: secret.example.com Note that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
  • CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers
Assigner
Impacted products
Vendor Product Version
RRWO Plack::Middleware::Security::Common Affected: 0 , < 0.13.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-28T22:33:29.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/28/9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-9658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T18:00:08.268723Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T18:00:18.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Plack-Middleware-Security-Simple",
          "product": "Plack::Middleware::Security::Common",
          "programFiles": [
            "lib/Plack/Middleware/Security/Common.pm"
          ],
          "programRoutines": [
            {
              "name": "Plack::Middleware::Security::Common::header_injection"
            }
          ],
          "repo": "https://github.com/robrwo/Plack-Middleware-Security-Simple",
          "vendor": "RRWO",
          "versions": [
            {
              "lessThan": "0.13.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.\n\nThe header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,\n\n  GET /path\\r\\nHTTP/1.1\\r\\nHost: secret.example.com\n\nNote that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T11:36:50.565Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to 0.13.1 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use with the the the non_printable_chars rule to block header injections."
        }
      ],
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-9658",
    "datePublished": "2026-05-28T11:36:50.565Z",
    "dateReserved": "2026-05-26T20:57:50.718Z",
    "dateUpdated": "2026-06-01T18:00:18.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2328 (GCVE-0-2026-2328)

Vulnerability from cvelistv5 – Published: 2026-03-30 06:55 – Updated: 2026-03-30 18:08
VLAI
Title
Backend Access Due to Insufficient Input Validation
Summary
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
Vendor Product Version
WAGO Device Sphere Affected: 0.0.0 , < 1.2.2 (semver)
Create a notification for this product.
WAGO Solution Builder Affected: 0.0.0 , < 2.4.2 (semver)
Create a notification for this product.
Credits
Marvin Ramsperger from SySS GmbH
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2328",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T18:07:40.900442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T18:08:02.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Device Sphere",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Solution Builder",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "2.4.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Marvin Ramsperger from SySS GmbH"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T06:55:31.424Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2026-010"
        }
      ],
      "source": {
        "advisory": "VDE-2026-010",
        "defect": [
          "CERT@VDE#641951"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Backend Access Due to Insufficient Input Validation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-2328",
    "datePublished": "2026-03-30T06:55:31.424Z",
    "dateReserved": "2026-02-11T08:12:03.792Z",
    "dateUpdated": "2026-03-30T18:08:02.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-27260 (GCVE-0-2025-27260)

Vulnerability from cvelistv5 – Published: 2026-03-25 12:54 – Updated: 2026-03-25 13:50
VLAI
Title
Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
Summary
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
Create a notification for this product.
Credits
Telstra
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T13:50:26.371520Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T13:50:33.976Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Indoor Connect 8855",
          "vendor": "Ericsson",
          "versions": [
            {
              "changes": [
                {
                  "at": "2025.Q3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2025.Q3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Telstra"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u0026nbsp;vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
            }
          ],
          "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T13:18:23.060Z",
        "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "shortName": "ERIC"
      },
      "references": [
        {
          "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
        },
        {
          "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
    "assignerShortName": "ERIC",
    "cveId": "CVE-2025-27260",
    "datePublished": "2026-03-25T12:54:46.406Z",
    "dateReserved": "2025-02-21T08:58:20.367Z",
    "dateUpdated": "2026-03-25T13:50:33.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15576 (GCVE-0-2025-15576)

Vulnerability from cvelistv5 – Published: 2026-03-09 11:54 – Updated: 2026-03-10 18:56
VLAI
Title
Jail chroot escape via fd exchange with a different jail
Summary
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-488 - Exposure of Data Element to Wrong Session
  • CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 14.3-RELEASE , < p9 (release)
Affected: 13.5-RELEASE , < p10 (release)
Create a notification for this product.
Date Public
2026-02-24 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-15576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T18:56:28.342905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T18:56:48.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "jail"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p9",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p10",
              "status": "affected",
              "version": "13.5-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "datePublic": "2026-02-24T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one.\n\nIn this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other.\n\nWhen performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process.  If the jail root directory is not encountered, the lookup continues.\n\nIn a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process\u0027 jail root.  This enables full filesystem access for a jailed process, breaking the chroot.\n\nNote that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-790",
              "description": "CWE-790: Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T11:54:20.630Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:04.jail.asc"
        }
      ],
      "title": "Jail chroot escape via fd exchange with a different jail",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2025-15576",
    "datePublished": "2026-03-09T11:54:20.630Z",
    "dateReserved": "2026-02-09T17:48:45.726Z",
    "dateUpdated": "2026-03-10T18:56:48.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0431 (GCVE-0-2025-0431)

Vulnerability from cvelistv5 – Published: 2025-03-19 16:18 – Updated: 2025-03-19 17:38
VLAI
Title
Enterprise Protection Backslash URL Rewrite Bypass
Summary
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
Assigner
Impacted products
Vendor Product Version
Proofpoint Enterprise Protection Affected: 8.18.6 , < patch 5113 (semver)
Affected: 8.20.6 , < patch 5114 (semver)
Affected: 8.21.0 , < patch 5115 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-19T17:37:58.453989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T17:38:26.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Protection",
          "vendor": "Proofpoint",
          "versions": [
            {
              "changes": [
                {
                  "at": "patch 5113",
                  "status": "unaffected"
                }
              ],
              "lessThan": "patch 5113",
              "status": "affected",
              "version": "8.18.6",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "patch 5114",
                  "status": "unaffected"
                }
              ],
              "lessThan": "patch 5114",
              "status": "affected",
              "version": "8.20.6",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "patch 5115",
                  "status": "unaffected"
                }
              ],
              "lessThan": "patch 5115",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email.  This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
            }
          ],
          "value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email.  This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-19T16:18:23.793Z",
        "orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
        "shortName": "Proofpoint"
      },
      "references": [
        {
          "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Enterprise Protection Backslash URL Rewrite Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
    "assignerShortName": "Proofpoint",
    "cveId": "CVE-2025-0431",
    "datePublished": "2025-03-19T16:18:23.793Z",
    "dateReserved": "2025-01-13T19:25:35.786Z",
    "dateUpdated": "2025-03-19T17:38:26.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47984 (GCVE-0-2024-47984)

Vulnerability from cvelistv5 – Published: 2024-12-13 14:15 – Updated: 2024-12-13 20:38
VLAI
Summary
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
Vendor Product Version
Dell RecoverPoint for Virtual Machines Affected: 6.0 SP1
Affected: 6.0 SP1 P1
Create a notification for this product.
Date Public
2024-12-12 18:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47984",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-13T19:07:07.851953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-13T20:38:32.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RecoverPoint for Virtual Machines",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "6.0 SP1"
            },
            {
              "status": "affected",
              "version": "6.0 SP1 P1"
            }
          ]
        }
      ],
      "datePublic": "2024-12-12T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state."
            }
          ],
          "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790: Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-13T14:15:53.203Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-47984",
    "datePublished": "2024-12-13T14:15:53.203Z",
    "dateReserved": "2024-10-08T04:36:39.202Z",
    "dateUpdated": "2024-12-13T20:38:32.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43443 (GCVE-0-2024-43443)

Vulnerability from cvelistv5 – Published: 2024-08-26 08:42 – Updated: 2024-08-26 14:55
VLAI
Title
Stored XSS in process management
Summary
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
Assigner
Impacted products
Vendor Product Version
OTRS AG OTRS Affected: 7.0.x , ≤ 7.0.50 (Patch)
Affected: 8.0.x
Affected: 2023.x
Affected: 2024.x , ≤ 2024.5.x (Patch)
Create a notification for this product.
OTRS AG ((OTRS)) Community Edition Affected: 6.0.x
Create a notification for this product.
Date Public
2024-08-26 08:00
Credits
Special thanks to Marek Holka for reporting these vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T14:55:41.494333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T14:55:57.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Process Management"
          ],
          "product": "OTRS",
          "vendor": "OTRS AG",
          "versions": [
            {
              "lessThanOrEqual": "7.0.50",
              "status": "affected",
              "version": "7.0.x",
              "versionType": "Patch"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "2023.x"
            },
            {
              "lessThanOrEqual": "2024.5.x",
              "status": "affected",
              "version": "2024.x",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "modules": [
            "Process Management"
          ],
          "product": "((OTRS)) Community Edition",
          "vendor": "OTRS AG",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Special thanks to Marek Holka for reporting these vulnerability."
        }
      ],
      "datePublic": "2024-08-26T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input done by an attacker with admin privileges (\u0027Cross-site Scripting\u0027) in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.\u003cbr\u003e\u003cp\u003eThis issue affects: \u003c/p\u003e\u003cul\u003e\u003cli\u003eOTRS from 7.0.X through 7.0.50\u003c/li\u003e\u003cli\u003eOTRS 8.0.X\u003c/li\u003e\u003cli\u003eOTRS 2023.X\u003c/li\u003e\u003cli\u003eOTRS from 2024.X through 2024.5.X\u003c/li\u003e\u003cli\u003e((OTRS)) Community Edition: 6.0.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eProducts based on the ((OTRS)) Community Edition also very likely to be affected\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Improper Neutralization of Input done by an attacker with admin privileges (\u0027Cross-site Scripting\u0027) in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.\nThis issue affects: \n\n  *  OTRS from 7.0.X through 7.0.50\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS from 2024.X through 2024.5.X\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-26T08:42:55.095Z",
        "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
        "shortName": "OTRS"
      },
      "references": [
        {
          "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-11/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to OTRS 2024.6.x or OTRS 7.0.51\u003cbr\u003e"
            }
          ],
          "value": "Update to OTRS 2024.6.x or OTRS 7.0.51"
        }
      ],
      "source": {
        "advisory": "OSA-2024-11",
        "defect": [
          "Issue#2592",
          "Ticket#2024061942000965"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Stored XSS in process management",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
    "assignerShortName": "OTRS",
    "cveId": "CVE-2024-43443",
    "datePublished": "2024-08-26T08:42:55.095Z",
    "dateReserved": "2024-08-13T13:38:47.972Z",
    "dateUpdated": "2024-08-26T14:55:57.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43442 (GCVE-0-2024-43442)

Vulnerability from cvelistv5 – Published: 2024-08-26 08:42 – Updated: 2024-08-26 15:27
VLAI
Title
Stored XSS in System Configuration
Summary
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in  OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects:  * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
OTRS AG OTRS Affected: 7.0.x , ≤ 7.0.50 (Patch)
Affected: 8.0.x
Affected: 2023.x
Affected: 2024.x , ≤ 2024.5.x (Patch)
Create a notification for this product.
OTRS AG ((OTRS)) Community Edition Affected: 6.0.x
Create a notification for this product.
Date Public
2024-08-26 08:00
Credits
Special thanks to Marek Holka for reporting these vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43442",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T15:26:34.955357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T15:27:15.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "System Configuration"
          ],
          "product": "OTRS",
          "vendor": "OTRS AG",
          "versions": [
            {
              "lessThanOrEqual": "7.0.50",
              "status": "affected",
              "version": "7.0.x",
              "versionType": "Patch"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "2023.x"
            },
            {
              "lessThanOrEqual": "2024.5.x",
              "status": "affected",
              "version": "2024.x",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "((OTRS)) Community Edition",
          "vendor": "OTRS AG",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Special thanks to Marek Holka for reporting these vulnerability."
        }
      ],
      "datePublic": "2024-08-26T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input done by an attacker with admin privileges (\u0027Cross-site Scripting\u0027) in\u0026nbsp; OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.\u003cbr\u003e\u003cp\u003eThis issue affects:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOTRS from 7.0.X through 7.0.50\u003c/li\u003e\u003cli\u003eOTRS 8.0.X\u003c/li\u003e\u003cli\u003eOTRS 2023.X\u003c/li\u003e\u003cli\u003eOTRS from 2024.X through 2024.5.X\u003c/li\u003e\u003cli\u003e((OTRS)) Community Edition: 6.0.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eProducts based on the ((OTRS)) Community Edition also very likely to be affected\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Improper Neutralization of Input done by an attacker with admin privileges (\u0027Cross-site Scripting\u0027) in\u00a0 OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.\nThis issue affects:\u00a0\n\n  *  OTRS from 7.0.X through 7.0.50\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS from 2024.X through 2024.5.X\n  *  ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-26T08:42:39.842Z",
        "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
        "shortName": "OTRS"
      },
      "references": [
        {
          "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-10/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to OTRS 2024.6.x or OTRS 7.0.51\u003cbr\u003e"
            }
          ],
          "value": "Update to OTRS 2024.6.x or OTRS 7.0.51"
        }
      ],
      "source": {
        "advisory": "OSA-2024-10",
        "defect": [
          "Ticket#2024061942000965",
          "Issue#2592"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Stored XSS in System Configuration",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
    "assignerShortName": "OTRS",
    "cveId": "CVE-2024-43442",
    "datePublished": "2024-08-26T08:42:39.842Z",
    "dateReserved": "2024-08-13T13:38:47.972Z",
    "dateUpdated": "2024-08-26T15:27:15.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42416 (GCVE-0-2024-42416)

Vulnerability from cvelistv5 – Published: 2024-09-05 04:31 – Updated: 2025-11-04 16:13
VLAI
Title
Multiple issues in ctl(4) CAM Target Layer
Summary
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
  • CWE-823 - Use of Out-of-range Pointer Offset
Assigner
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 14.1-RELEASE , < p4 (release)
Affected: 14.0-RELEASE , < p10 (release)
Affected: 13.3-RELEASE , < p6 (release)
Create a notification for this product.
freebsd freebsd Affected: 14.1 , < 14.1_p4 (custom)
Affected: 14.0 , < 14.0_p10 (custom)
Affected: 13.3 , < 13.3_p6 (custom)
    cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-09-04 23:37
Credits
Synacktiv The FreeBSD Foundation The Alpha-Omega Project
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freebsd",
            "vendor": "freebsd",
            "versions": [
              {
                "lessThan": "14.1_p4",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "14.0_p10",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.3_p6",
                "status": "affected",
                "version": "13.3",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-42416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T13:11:48.895786Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T13:12:10.303Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:13:44.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240920-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ctl"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p4",
              "status": "affected",
              "version": "14.1-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p10",
              "status": "affected",
              "version": "14.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p6",
              "status": "affected",
              "version": "13.3-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Synacktiv"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "The FreeBSD Foundation"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "The Alpha-Omega Project"
        }
      ],
      "datePublic": "2024-09-04T23:37:17.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-823",
              "description": "CWE-823 Use of Out-of-range Pointer Offset",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T04:31:15.698Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
        }
      ],
      "title": "Multiple issues in ctl(4) CAM Target Layer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2024-42416",
    "datePublished": "2024-09-05T04:31:15.698Z",
    "dateReserved": "2024-08-27T16:30:55.964Z",
    "dateUpdated": "2025-11-04T16:13:44.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6540 (GCVE-0-2024-6540)

Vulnerability from cvelistv5 – Published: 2024-07-15 07:13 – Updated: 2024-08-01 21:41
VLAI
Title
Information exlosure in external interface
Summary
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator. This issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-790 - Improper Filtering of Special Elements
Assigner
Impacted products
Vendor Product Version
OTRS AG OTRS Affected: 8.0.x
Affected: 2023.x
Affected: 2024.x , ≤ 2024.4.x (Patch)
Create a notification for this product.
Date Public
2024-07-15 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T13:10:12.804749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T13:10:28.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "External interface"
          ],
          "product": "OTRS",
          "vendor": "OTRS AG",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "2023.x"
            },
            {
              "lessThanOrEqual": "2024.4.x",
              "status": "affected",
              "version": "2024.x",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2024-07-15T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\u003cbr\u003e\u003cp\u003eThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\u003c/p\u003e"
            }
          ],
          "value": "Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has been disabled by the administrator.\nThis issue affects OTRS: 8.0.X, 2023.X, from 2024.X through 2024.4.x\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-54",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-54 Query System for Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-790",
              "description": "CWE-790 Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T10:41:47.335Z",
        "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
        "shortName": "OTRS"
      },
      "references": [
        {
          "url": "https://otrs.com/release-notes/otrs-security-advisory-2024-07/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to OTRS 2024.5.2\u003cbr\u003e"
            }
          ],
          "value": "Update to OTRS 2024.5.2\n"
        }
      ],
      "source": {
        "advisory": "OSA-2024-07",
        "defect": [
          "Issue##2638",
          "Ticket#2024070142001245"
        ],
        "discovery": "USER"
      },
      "title": "Information exlosure in external interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Have TicketSearchLegacyEngine enabled\u003cbr\u003e"
            }
          ],
          "value": "Have TicketSearchLegacyEngine enabled\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
    "assignerShortName": "OTRS",
    "cveId": "CVE-2024-6540",
    "datePublished": "2024-07-15T07:13:49.918Z",
    "dateReserved": "2024-07-08T07:35:49.064Z",
    "dateUpdated": "2024-08-01T21:41:03.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.