Lucene search
K

6 matches found

NVD
NVD
added 2020/07/29 5:15 p.m.31 views

CVE-2020-15099

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

8.1CVSS8.5AI score0.01782EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2020/07/29 4:15 p.m.58 views

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

8.8CVSS2AI score0.02229EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2020/07/29 4:15 p.m.27 views

GHSA-M5VR-3M74-JWXP Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

8.8CVSS8.3AI score0.02575EPSS
Exploits0References9
Cvelist
Cvelist
added 2020/07/29 4:15 p.m.39 views

CVE-2020-15099 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

8.1CVSS8.4AI score0.01782EPSS
Exploits1References2
CVE
CVE
added 2020/07/29 4:15 p.m.87 views

CVE-2020-15099

CVE-2020-15099 affects TYPO3 CMS versions 9.0.0–9.5.19 and 10.0.0–10.4.5. An attacker who can construct a valid HMAC-SHA1 can access arbitrary files (e.g., typo3conf/LocalConfiguration.php) containing the encryptionKey and DB credentials, enabling full DB access and potentially creating an admin ...

8.1CVSS8.4AI score0.01782EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/07/29 4:15 p.m.31 views

GHSA-4H44-W6FM-548G Potential Remote Code Execution in TYPO3 with mediace extension

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9.1 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

9.8CVSS8.3AI score0.02721EPSS
Exploits1References7
Rows per page
Query Builder