It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.

CPENameOperatorVersion
typo3 cmsge9.0.0
typo3 cmsle9.5.19
typo3 cmsge10.0.0
typo3 cmsle10.4.5

Name	Operator	Version
typo3 cms	ge	9.0.0
typo3 cms	le	9.5.19
typo3 cms	ge	10.0.0
typo3 cms	le	10.4.5

osv 9

github 4

nessus 2

openvas 2

freebsd 2

typo3 4

prion 3

cve 3

ubuntucve 3

friendsofphp 4

nvd 3

cvelist 3

veracode 2

osv

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

2020-07-29 16:15:19

Potential Remote Code Execution in TYPO3 with mediace extension

2020-07-29 16:15:12

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

2020-07-29 16:15:32

github

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

2020-07-29 16:15:19

Potential Remote Code Execution in TYPO3 with mediace extension

2020-07-29 16:15:12

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

2020-07-29 16:15:32

nessus

FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

2020-08-06 00:00:00

FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)

2016-07-20 00:00:00

openvas

TYPO3 9.0.0 < 9.5.20, 10.0.0 < 10.4.6 Multiple Vulnerabilities (TYPO3-CORE-SA-2020-007, TYPO3-CORE-SA-2020-008)

2020-07-30 00:00:00

TYPO3 Extbase RCE Vulnerability (TYPO3-CORE-SA-2016-013)

2017-01-25 00:00:00

freebsd

typo3 -- multiple vulnerabilities

2020-07-28 00:00:00

typo3 -- Missing access check in Extbase

2016-05-24 00:00:00

typo3

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

2020-07-28 00:00:00

Critical vulnerability in legacy versions of TYPO3 CMS

2020-07-28 00:00:00

Missing Access Check in TYPO3 CMS

2016-05-24 00:00:00

prion

Remote code execution

2020-07-29 17:15:00

Deserialization of untrusted data

2017-01-23 21:59:00

Deserialization of untrusted data

2020-07-29 17:15:00

cve

CVE-2020-15099

2020-07-29 17:15:13

CVE-2016-5091

2017-01-23 21:59:01

CVE-2020-15098

2020-07-29 17:15:13

ubuntucve

CVE-2020-15098

2020-07-29 00:00:00

CVE-2016-5091

2017-01-23 00:00:00

CVE-2020-15099

2020-07-29 00:00:00

friendsofphp

TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

2020-07-28 08:18:30

TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

2020-07-28 08:18:38

TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

2020-07-28 08:18:38

nvd

CVE-2020-15099

2020-07-29 17:15:13

CVE-2016-5091

2017-01-23 21:59:01

CVE-2020-15098

2020-07-29 17:15:13

cvelist

CVE-2016-5091

2017-01-23 21:00:00

CVE-2020-15098 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

2020-07-29 16:15:25

CVE-2020-15099 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

2020-07-29 16:15:15

veracode

Insecure Cryptography

2020-07-30 02:33:31

Information Disclosure

2020-08-03 06:29:59

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for TYPO3-CORE-SA-2020-008