cvelistv5 - cve-2017-3846

CVE-2017-3846 (GCVE-0-2017-3846)

Vulnerability from cvelistv5

Published

2017-03-15 20:00

Modified

2024-08-05 14:39

Severity ?

CWE

CWE-20 - Arbitrary File Read Vulnerability

Summary

References

URL

	Vendor	Product	Version
	n/a	Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server	Version: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server

fkie_cve-2017-3846

Vulnerability from fkie_nvd

Published

2017-03-15 20:59

Modified

2025-04-20 01:37

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/96910	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038044
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96910	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038044
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	tidal_enterprise_scheduler	6.2.1.435
cisco	tidal_enterprise_scheduler	6.2.1.510
cisco	tidal_enterprise_scheduler	6.3.0
cisco	tidal_enterprise_scheduler	6.3.0.116

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*",
              "matchCriteriaId": "03664F3E-D42C-4437-910A-64D57DFF9664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA140E-7F7F-44C2-9241-9ACDF4D75776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB809B62-B1B5-456F-B841-F4052C4F2B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E15966-76FE-4E00-A509-248D9D6A3048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el Client Manager Server de Cisco Workload Automation y Cisco Tidal Enterprise Scheduler podr\u00eda permitir a un atacante remoto no autenticado recuperar cualquier archivo de Client Manager Server. La vulnerabilidad se debe a la insuficiente validaci\u00f3n de entradas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una URL manipulada a Client Manager Server. Un exploit podr\u00eda permitir al atacante recuperar cualquier archivo de Cisco Workload Automation o Cisco Tidal Enterprise Scheduler Client Manager Server. Esta vulnerabilidad afecta a los siguientes productos: Cisco Tidal Enterprise Scheduler Client Manager Server versi\u00f3n 6.2.1.435 y versiones posteriores, Cisco Workload Automation Client Manager Server versi\u00f3n 6.3.0.116 y versiones posteriores. ID de errores de Cisco: CSCvc90789."
    }
  ],
  "id": "CVE-2017-3846",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-15T20:59:00.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1038044"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et postérieures
Cisco	N/A	Cisco 8500 Series Wireless Controller
Cisco	N/A	Cisco Flex 7500 Series Wireless Controller
Cisco	N/A	Cisco Virtual Wireless Controller
Cisco	N/A	Cisco Mobility Express 1800 Series Access Points avec une version logicielle antérieure à 8.2.110.0
Cisco	N/A	Cisco Virtualized Packet Core avec StarOS versions antérieures à N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH
Cisco	N/A	Wireless Services Module 2 (WiSM2)
Cisco	N/A	Cisco ASR 5000/5500/5700 Series avec StarOS versions postérieures à 17.7.0 et antérieures à 18.7.4, 19.5, ou 20.2.3 avec SSH
Cisco	N/A	Cisco 5500 Series Wireless Controller
Cisco	N/A	Cisco Workload Automation Client Manager Server versions 6.3.0.116 et postérieures
Cisco	N/A	Cisco 2500 Series Wireless Controller

References

Title

Publication Time

var-201703-0715

Vulnerability from variot

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789. Vendors have confirmed this vulnerability Bug ID CSCvc90789 It is released as.Information may be obtained. Multiple Cisco Products are prone to a security vulnerability that allows remote attackers to read arbitrary files. Successful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. TES a set of work automation solutions. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered. CWA is a suite of software for optimizing data center workload management.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"]

-----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJYyWWrZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlc+Q/+NaDFV8ZqaPeGvBEm 46PrfX/+OeR2y869YrW7TzIayWy7WWGVZTZC/01NQUnS+YZUpqzHaMNpNjgNrudL S6hP4VrFEYWdSMYcqNw4k/S9ZSQPilJdyZ+0Z8CgJR9R0NtaC5m6MUbdqfmdA7+0 JrsHWiyWJV6t4WdxdPf6qOeLHO4lKhpkSIMhwQdhKzF7S9P8qzsKJZAfApArzrsb JpvUMA17gGBNCiEKIBYohxJ8BKKwdFOQb8W5Oh+rnRxktRHd+zsEtHPPg0QYZe49 XO4usDU9PPZCeA5Z25bBucNgIG96yTt4xM6TfZKeG9cqPAM8HbsWrk/coXM2Z5Ts NKPpvE3snKwPdCADb12IF25FCiPCVyZiVhyb76n0ViiGTTu7MxjFJJ7mR5Sp3D1M vOS8Ha21SdW0Phlf3w8S8J73gw7aqd4jU2hghAHkBOqzxvyrjYSsbKbENt0zv9p7 t1F0HwKV8hY+gUiK49+fqaH+Sq8MFVJAdX1LVqa/cyqwZzGO1i5uVHDp6PQ94ZBC XLhTgZnx/kTg6uJshmpd9scKaRB0IvSzPYiWm+C66ss9dIgLJwj8PfXnt5pwnMzb J0aJydejldPn896Y4GG4tBJd+mD4uNImqsLH4iRnB4RXnjOH6sEaf9REammL5C+j weZFM3KTJLnOjdAs2rMOaCfp60s= =HobL -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0715",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "6.2.1.435"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2.1.510"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.3.0.116"
      },
      {
        "model": "tidal enterprise scheduler",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "workload automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3.0.116"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:tidal_enterprise_scheduler",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "96910"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3846",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-3846",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-112049",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-3846",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3846",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3846",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-636",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-112049",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789. Vendors have confirmed this vulnerability Bug ID CSCvc90789 It is released as.Information may be obtained. Multiple Cisco Products are prone to a security vulnerability that allows remote attackers to read arbitrary files. \nSuccessful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. TES a set of work automation solutions. The solution simplifies the way enterprise-wide job scheduling and automated business processes are defined, managed and delivered. CWA is a suite of software for optimizing data center workload management. \n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. \n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\"]\n\n-----BEGIN PGP SIGNATURE-----\n\niQKBBAEBAgBrBQJYyWWrZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg\nSW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx\nNykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlc+Q/+NaDFV8ZqaPeGvBEm\n46PrfX/+OeR2y869YrW7TzIayWy7WWGVZTZC/01NQUnS+YZUpqzHaMNpNjgNrudL\nS6hP4VrFEYWdSMYcqNw4k/S9ZSQPilJdyZ+0Z8CgJR9R0NtaC5m6MUbdqfmdA7+0\nJrsHWiyWJV6t4WdxdPf6qOeLHO4lKhpkSIMhwQdhKzF7S9P8qzsKJZAfApArzrsb\nJpvUMA17gGBNCiEKIBYohxJ8BKKwdFOQb8W5Oh+rnRxktRHd+zsEtHPPg0QYZe49\nXO4usDU9PPZCeA5Z25bBucNgIG96yTt4xM6TfZKeG9cqPAM8HbsWrk/coXM2Z5Ts\nNKPpvE3snKwPdCADb12IF25FCiPCVyZiVhyb76n0ViiGTTu7MxjFJJ7mR5Sp3D1M\nvOS8Ha21SdW0Phlf3w8S8J73gw7aqd4jU2hghAHkBOqzxvyrjYSsbKbENt0zv9p7\nt1F0HwKV8hY+gUiK49+fqaH+Sq8MFVJAdX1LVqa/cyqwZzGO1i5uVHDp6PQ94ZBC\nXLhTgZnx/kTg6uJshmpd9scKaRB0IvSzPYiWm+C66ss9dIgLJwj8PfXnt5pwnMzb\nJ0aJydejldPn896Y4GG4tBJd+mD4uNImqsLH4iRnB4RXnjOH6sEaf9REammL5C+j\nweZFM3KTJLnOjdAs2rMOaCfp60s=\n=HobL\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-112049",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3846",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "96910",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1038044",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "141663",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-112049",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "id": "VAR-201703-0715",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:07:30.907000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170315-tes",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
      },
      {
        "title": "Cisco Tidal Enterprise Scheduler  and Workload Automation Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68497"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tes"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/96910"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038044"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3846"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3846"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-tes\"]"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "db": "BID",
        "id": "96910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "date": "2017-03-15T00:00:00",
        "db": "BID",
        "id": "96910"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "date": "2017-03-16T00:10:59",
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "date": "2017-03-15T20:59:00.227000",
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-112049"
      },
      {
        "date": "2017-03-16T00:03:00",
        "db": "BID",
        "id": "96910"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      },
      {
        "date": "2024-11-21T03:26:13.937000",
        "db": "NVD",
        "id": "CVE-2017-3846"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "141663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Workload Automation and  Tidal Enterprise Scheduler Vulnerable to incorrect input validation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002512"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-636"
      }
    ],
    "trust": 0.6
  }
}

ghsa-3cg9-84j6-755p

Vulnerability from github

Published

2022-05-17 02:30

Modified

2022-05-17 02:30

Severity ?

8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-15T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
  "id": "GHSA-3cg9-84j6-755p",
  "modified": "2022-05-17T02:30:17Z",
  "published": "2022-05-17T02:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3846"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96910"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-04110

Vulnerability from cnvd

Title

多个Cisco产品任意文件读取漏洞

Description

Cisco Tidal Enterprise Scheduler和Cisco Workload Automation Client Manager Server都是美国思科（Cisco）公司的产品。Cisco Tidal Enterprise Scheduler是一款跨平台的企业工作日程应用软件。多个Cisco产品存在任意文件读取漏洞。远程攻击者可利用此漏洞在受影响程序中运行的用户的上下文中读取任意文件，导致进一步攻击。

Severity

中

Patch Name

多个Cisco产品任意文件读取漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes http://www.securityfocus.com/bid/96910

Impacted products

Name
['Cisco Workload Automation 6.3.0.116', 'Cisco Tidal Enterprise Scheduler 6.2.1.435']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96910"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3846",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3846"
    }
  },
  "description": "Cisco Tidal Enterprise Scheduler\u548cCisco Workload Automation Client Manager Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Tidal Enterprise Scheduler\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u4f01\u4e1a\u5de5\u4f5c\u65e5\u7a0b\u5e94\u7528\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aCisco\u4ea7\u54c1\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7a0b\u5e8f\u4e2d\u8fd0\u884c\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04110",
  "openTime": "2017-04-09",
  "patchDescription": "Cisco Tidal Enterprise Scheduler\u548cCisco Workload Automation Client Manager Server\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Tidal Enterprise Scheduler\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u4f01\u4e1a\u5de5\u4f5c\u65e5\u7a0b\u5e94\u7528\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u4e2aCisco\u4ea7\u54c1\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7a0b\u5e8f\u4e2d\u8fd0\u884c\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aCisco\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Workload Automation 6.3.0.116",
      "Cisco Tidal Enterprise Scheduler 6.2.1.435"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes\r\nhttp://www.securityfocus.com/bid/96910",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-16",
  "title": "\u591a\u4e2aCisco\u4ea7\u54c1\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

gsd-2017-3846

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-3846

Aliases

CVE-2017-3846

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3846",
    "description": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
    "id": "GSD-2017-3846"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3846"
      ],
      "details": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.",
      "id": "GSD-2017-3846",
      "modified": "2023-12-13T01:21:16.808335Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-3846",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Arbitrary File Read Vulnerability CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
          },
          {
            "name": "96910",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96910"
          },
          {
            "name": "1038044",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038044"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0.116:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.435:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:tidal_enterprise_scheduler:6.2.1.510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3846"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
            },
            {
              "name": "96910",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/96910"
            },
            {
              "name": "1038044",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038044"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2017-07-12T01:29Z",
      "publishedDate": "2017-03-15T20:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-3846 (GCVE-0-2017-3846)

Vulnerability from cvelistv5

fkie_cve-2017-3846

Vulnerability from fkie_nvd

CERTFR-2017-AVI-084

Vulnerability from certfr_avis

Solution

var-201703-0715

Vulnerability from variot

ghsa-3cg9-84j6-755p

Vulnerability from github

cnvd-2017-04110

Vulnerability from cnvd

gsd-2017-3846

Vulnerability from gsd

Tags

Sightings

Nomenclature