Prion
added 2023/02/01 10:15 p.m., 21 views

Input validation

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

CVSS 4, AI score 6.4, EPSS 0.00843
Exploits 0, References 1, Affected Software 1
Prion
added 2023/02/01 10:15 p.m., 17 views

Design/Logic Flaw

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...

CVSS 6.8, AI score 8.6, EPSS 0.00644
Exploits 0, References 1, Affected Software 1
Prion
added 2023/02/01 10:15 p.m., 14 views

Directory traversal

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution...

CVSS 3.8, AI score 6.6, EPSS 0.08469
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/02/01 12:00 a.m., 22 views

CVE-2022-37034

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests...

AI score 5.5, EPSS 0.00875
Exploits 0, References 1
Vulnrichment
added 2023/02/01 12:00 a.m., 4 views

CVE-2022-45783

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution...

AI score 6.6, EPSS 0.08469
Exploits 0, References 1
Cvelist
added 2023/02/01 12:00 a.m., 9 views

CVE-2022-45783

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution...

AI score 6.8, EPSS 0.08469
Exploits 0, References 1
CVE
added 2023/02/01 12:00 a.m., 60 views

CVE-2022-45783

Context: CVE-2022-45783 affects dotCMS core 4.x up to 22.10.2. Vulnerability: An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. Impact (as stated): Potentially high impact on confidentiality, integrity, and availability via RCE. References/ind...

CVSS 6.5, AI score 6.5, EPSS 0.08469
Exploits 0, References 1, Affected Software 1
CNNVD
added 2023/02/01 12:00 a.m., 1 view

dotCMS path traversal vulnerability

dotCMS is a content management system (CMS) from the US company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. A path traversal vulnerability exists in dotCMS core, which stems from the fact that an authenticated attacker can...

CVSS 6.5, AI score 7.9, EPSS 0.08469
Exploits 0, References 2
Vulnrichment
added 2023/02/01 12:00 a.m., 6 views

CVE-2022-45782

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...

AI score 8.7, EPSS 0.00644
Exploits 0, References 1
CVE
added 2023/02/01 12:00 a.m., 42 views

CVE-2022-45782

CVE-2022-45782 affects dotCMS core versions 5.3.8.5–5.3.8.15 and 21.03–22.10.1. The root cause is a cryptographically insecure random generation algorithm used for password-reset token generation, enabling account takeover. The connected documents confirm this vulnerability and its impact. No rem...

CVSS 8.8, AI score 8.6, EPSS 0.00644
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2023/02/01 12:00 a.m., 6 views

CVE-2022-37033

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

AI score 6.4, EPSS 0.00843
Exploits 0, References 1
Vulnrichment
added 2023/02/01 12:00 a.m., 6 views

CVE-2022-37034

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests...

AI score 5.3, EPSS 0.00875
Exploits 0, References 1
CVE
added 2023/02/01 12:00 a.m., 58 views

CVE-2022-37033

In dotCMS 5.x-22.06, the TempFileAPI vulnerability allows a user to create a temporary file from a supplied URL, because the API does not re-validate 302 redirects when resolving the remote URL. This enables potential access to data on local or private hosts that should not be reachable remotely,...

CVSS 6.5, AI score 6.3, EPSS 0.00843
Exploits 0, References 1, Affected Software 1
CNNVD
added 2023/02/01 12:00 a.m., 4 views

dotCMS code issue vulnerability

dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security vulnerability exists in dotCMS version 5.x-22.06, which stems from TempFileAPI allowing a user to create a tempora...

CVSS 6.5, AI score 6.5, EPSS 0.00843
Exploits 0, References 2
CNNVD
added 2023/02/01 12:00 a.m., 5 views

dotCMS security feature issue vulnerability

dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security feature issue vulnerability exists in dotCMS core versions 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1,...

CVSS 8.8, AI score 7.9, EPSS 0.00644
Exploits 0, References 2
Cvelist
added 2023/02/01 12:00 a.m., 21 views

CVE-2022-45782

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...

AI score 8.9, EPSS 0.00644
Exploits 0, References 1
Cvelist
added 2023/02/01 12:00 a.m., 26 views

CVE-2022-37033

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

AI score 6.6, EPSS 0.00843
Exploits 0, References 1
CVE
added 2023/02/01 12:00 a.m., 63 views

CVE-2022-37034

dotCMS 5.x-22.06 is affected by a denial-of-service condition when TempResource is called repeatedly to download large files, exhausting Tomcat request threads and denying other requests. The connected documents provide this description without including exploit details or a remediation. No other...

CVSS 5.3, AI score 5.2, EPSS 0.00875
Exploits 0, References 1, Affected Software 1
CNNVD
added 2023/02/01 12:00 a.m., 6 views

dotCMS security vulnerability

dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security vulnerability exists in dotCMS version 5.x-22.06, which stems from the ability to call TempResource multiple times...

CVSS 5.3, AI score 5.8, EPSS 0.00875
Exploits 0, References 3
NVD
added 2022/11/10 9:15 p.m., 27 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

CVSS 6.1, EPSS 0.01192
Exploits 1, References 2