CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
CVE-2024-13030 (GCVE-0-2024-13030)
Vulnerability from cvelistv5 – Published: 2024-12-30 00:00 – Updated: 2024-12-30 14:42 Unsupported When Assigned| URL | Tags |
|---|---|
| https://vuldb.com/?id.289763 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.289763 | signaturepermissions-required |
| https://vuldb.com/?submit.467903 | third-party-advisory |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
| https://www.dlink.com.cn/about/article/news?id=2247 | broken-link |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T14:41:34.566856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T14:42:25.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "DIR-823G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.0.2B05_20181207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in D-Link DIR-823G 1.0.2B05_20181207 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings der Datei /HNAP1/ der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T00:00:28.731Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-289763 | D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.289763"
},
{
"name": "VDB-289763 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.289763"
},
{
"name": "Submit #467903 | D-Link DIR823G V1.0.2B05_20181207 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.467903"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-823G/SetAutoRebootSettings.md"
},
{
"tags": [
"broken-link"
],
"url": "https://www.dlink.com.cn/about/article/news?id=2247"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-29T13:26:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-13030",
"datePublished": "2024-12-30T00:00:28.731Z",
"dateReserved": "2024-12-29T12:21:15.297Z",
"dateUpdated": "2024-12-30T14:42:25.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12901 (GCVE-0-2024-12901)
Vulnerability from cvelistv5 – Published: 2024-12-23 02:00 – Updated: 2024-12-24 02:03| URL | Tags |
|---|---|
| https://vuldb.com/?id.289171 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.289171 | signaturepermissions-required |
| https://vuldb.com/?submit.467703 | third-party-advisory |
| https://note.zhaoj.in/share/8l4RPA2zcxRr | broken-linkexploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T02:03:12.931597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T02:03:30.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "FoxCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "glzjin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In FoxCMS bis 1.2 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /app/api/controller/Site.php der Komponente API Endpoint. Durch die Manipulation des Arguments password mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T02:00:12.678Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-289171 | FoxCMS API Endpoint Site.php improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.289171"
},
{
"name": "VDB-289171 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.289171"
},
{
"name": "Submit #467703 | FoxCMS \u003c=1.2.0 Auth bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.467703"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://note.zhaoj.in/share/8l4RPA2zcxRr"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-22T17:52:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "FoxCMS API Endpoint Site.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12901",
"datePublished": "2024-12-23T02:00:12.678Z",
"dateReserved": "2024-12-22T16:47:42.870Z",
"dateUpdated": "2024-12-24T02:03:30.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12786 (GCVE-0-2024-12786)
Vulnerability from cvelistv5 – Published: 2024-12-19 15:00 – Updated: 2024-12-20 20:18| URL | Tags |
|---|---|
| https://vuldb.com/?id.288966 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288966 | signaturepermissions-required |
| https://vuldb.com/?submit.464685 | third-party-advisory |
| https://winslow1984.com/books/cve-collection/page… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| X1a0He | Adobe Downloader |
Affected:
1.3.0
Affected: 1.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T20:18:03.302209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T20:18:23.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XPC Service"
],
"product": "Adobe Downloader",
"vendor": "X1a0He",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "winslow1984 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in X1a0He Adobe Downloader bis 1.3.1 f\u00fcr macOS gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion shouldAcceptNewConnection der Datei com.x1a0he.macOS.Adobe-Downloader.helper der Komponente XPC Service. Durch das Manipulieren mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T15:00:22.547Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288966 | X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288966"
},
{
"name": "VDB-288966 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288966"
},
{
"name": "Submit #464685 | https://github.com/X1a0He Adobe-Downloader \u003c= 1.3.1 Local Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.464685"
},
{
"tags": [
"exploit"
],
"url": "https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-19T09:26:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12786",
"datePublished": "2024-12-19T15:00:22.547Z",
"dateReserved": "2024-12-19T08:20:09.032Z",
"dateUpdated": "2024-12-20T20:18:23.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12782 (GCVE-0-2024-12782)
Vulnerability from cvelistv5 – Published: 2024-12-19 12:31 – Updated: 2025-02-28 06:36 Disputed| URL | Tags |
|---|---|
| https://vuldb.com/?id.288958 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288958 | signaturepermissions-required |
| https://vuldb.com/?submit.458897 | third-party-advisory |
| https://www.fujifilm.com/fbglobal/eng/company/new… | related |
| Vendor | Product | Version | |
|---|---|---|---|
| Fujifilm Business Innovation | Apeos C3070 |
Affected:
22.1.0
Affected: 22.1.1 Affected: 22.1.2 Affected: 22.1.3 Affected: 22.1.4 Affected: 22.1.5 Affected: 22.1.6 Affected: 22.1.7 Affected: 22.1.8 Affected: 22.1.9 Affected: 22.1.10 Affected: 22.1.11 Affected: 22.1.12 Affected: 22.1.13 Affected: 22.1.14 Affected: 22.1.15 Affected: 22.1.16 Affected: 22.1.17 Affected: 22.1.18 Affected: 22.1.19 Affected: 22.1.20 Affected: 22.1.21 Affected: 22.1.22 Affected: 22.1.23 Affected: 22.1.24 Affected: 22.1.25 Affected: 22.1.26 Affected: 22.1.27 Affected: 22.1.28 Affected: 22.12.0 Affected: 22.12.1 Affected: 22.12.2 Affected: 23.7.0 Affected: 23.7.1 Affected: 23.7.2 Affected: 23.7.3 Affected: 23.9.0 Affected: 23.9.1 Affected: 23.9.2 Affected: 23.9.3 Affected: 23.9.4 Affected: 23.9.5 Affected: 23.9.6 Affected: 23.9.7 Affected: 23.9.8 Affected: 23.9.9 Affected: 23.9.10 Affected: 23.9.11 Affected: 23.9.12 Affected: 23.9.13 Affected: 23.9.14 Affected: 23.9.15 Affected: 23.9.16 Affected: 23.12.0 Affected: 23.12.1 Affected: 23.12.2 Affected: 23.12.3 Affected: 23.12.4 Affected: 23.12.5 Affected: 23.12.6 Affected: 23.12.7 Affected: 23.12.8 Affected: 23.12.9 Affected: 23.12.10 Affected: 23.12.11 Affected: 23.12.12 Affected: 23.12.13 Affected: 23.12.14 Affected: 23.12.15 Affected: 24.2.0 Affected: 24.2.1 Affected: 24.2.2 Affected: 24.2.3 Affected: 24.2.4 Affected: 24.2.5 Affected: 24.2.6 Affected: 24.2.7 Affected: 24.2.8 Affected: 24.2.9 Affected: 24.2.10 Affected: 24.2.11 Affected: 24.2.12 Affected: 24.2.13 Affected: 24.2.14 Affected: 24.2.15 Affected: 24.5.0 Affected: 24.5.1 Affected: 24.8.0 Affected: 24.8.1 Affected: 24.8.2 Affected: 24.8.3 Affected: 24.8.4 Affected: 24.8.5 Affected: 24.8.6 Affected: 24.8.7 Affected: 24.8.8 Affected: 24.8.9 Affected: 24.8.10 Affected: 24.8.11 Affected: 24.8.12 Affected: 24.8.13 Affected: 24.8.14 Affected: 24.8.15 Affected: 24.8.16 Affected: 24.8.17 Affected: 24.8.18 Affected: 24.8.19 Affected: 24.8.20 Affected: 24.8.21 Affected: 24.8.22 Affected: 24.8.23 Affected: 24.8.24 Affected: 24.8.25 Affected: 24.8.26 Affected: 24.8.27 Affected: 24.8.28 |
|
| Fujifilm Business Innovation | Apeos C5570 |
Affected:
22.1.0
Affected: 22.1.1 Affected: 22.1.2 Affected: 22.1.3 Affected: 22.1.4 Affected: 22.1.5 Affected: 22.1.6 Affected: 22.1.7 Affected: 22.1.8 Affected: 22.1.9 Affected: 22.1.10 Affected: 22.1.11 Affected: 22.1.12 Affected: 22.1.13 Affected: 22.1.14 Affected: 22.1.15 Affected: 22.1.16 Affected: 22.1.17 Affected: 22.1.18 Affected: 22.1.19 Affected: 22.1.20 Affected: 22.1.21 Affected: 22.1.22 Affected: 22.1.23 Affected: 22.1.24 Affected: 22.1.25 Affected: 22.1.26 Affected: 22.1.27 Affected: 22.1.28 Affected: 22.12.0 Affected: 22.12.1 Affected: 22.12.2 Affected: 23.7.0 Affected: 23.7.1 Affected: 23.7.2 Affected: 23.7.3 Affected: 23.9.0 Affected: 23.9.1 Affected: 23.9.2 Affected: 23.9.3 Affected: 23.9.4 Affected: 23.9.5 Affected: 23.9.6 Affected: 23.9.7 Affected: 23.9.8 Affected: 23.9.9 Affected: 23.9.10 Affected: 23.9.11 Affected: 23.9.12 Affected: 23.9.13 Affected: 23.9.14 Affected: 23.9.15 Affected: 23.9.16 Affected: 23.12.0 Affected: 23.12.1 Affected: 23.12.2 Affected: 23.12.3 Affected: 23.12.4 Affected: 23.12.5 Affected: 23.12.6 Affected: 23.12.7 Affected: 23.12.8 Affected: 23.12.9 Affected: 23.12.10 Affected: 23.12.11 Affected: 23.12.12 Affected: 23.12.13 Affected: 23.12.14 Affected: 23.12.15 Affected: 24.2.0 Affected: 24.2.1 Affected: 24.2.2 Affected: 24.2.3 Affected: 24.2.4 Affected: 24.2.5 Affected: 24.2.6 Affected: 24.2.7 Affected: 24.2.8 Affected: 24.2.9 Affected: 24.2.10 Affected: 24.2.11 Affected: 24.2.12 Affected: 24.2.13 Affected: 24.2.14 Affected: 24.2.15 Affected: 24.5.0 Affected: 24.5.1 Affected: 24.8.0 Affected: 24.8.1 Affected: 24.8.2 Affected: 24.8.3 Affected: 24.8.4 Affected: 24.8.5 Affected: 24.8.6 Affected: 24.8.7 Affected: 24.8.8 Affected: 24.8.9 Affected: 24.8.10 Affected: 24.8.11 Affected: 24.8.12 Affected: 24.8.13 Affected: 24.8.14 Affected: 24.8.15 Affected: 24.8.16 Affected: 24.8.17 Affected: 24.8.18 Affected: 24.8.19 Affected: 24.8.20 Affected: 24.8.21 Affected: 24.8.22 Affected: 24.8.23 Affected: 24.8.24 Affected: 24.8.25 Affected: 24.8.26 Affected: 24.8.27 Affected: 24.8.28 |
|
| Fujifilm Business Innovation | Apeos C6580 |
Affected:
22.1.0
Affected: 22.1.1 Affected: 22.1.2 Affected: 22.1.3 Affected: 22.1.4 Affected: 22.1.5 Affected: 22.1.6 Affected: 22.1.7 Affected: 22.1.8 Affected: 22.1.9 Affected: 22.1.10 Affected: 22.1.11 Affected: 22.1.12 Affected: 22.1.13 Affected: 22.1.14 Affected: 22.1.15 Affected: 22.1.16 Affected: 22.1.17 Affected: 22.1.18 Affected: 22.1.19 Affected: 22.1.20 Affected: 22.1.21 Affected: 22.1.22 Affected: 22.1.23 Affected: 22.1.24 Affected: 22.1.25 Affected: 22.1.26 Affected: 22.1.27 Affected: 22.1.28 Affected: 22.12.0 Affected: 22.12.1 Affected: 22.12.2 Affected: 23.7.0 Affected: 23.7.1 Affected: 23.7.2 Affected: 23.7.3 Affected: 23.9.0 Affected: 23.9.1 Affected: 23.9.2 Affected: 23.9.3 Affected: 23.9.4 Affected: 23.9.5 Affected: 23.9.6 Affected: 23.9.7 Affected: 23.9.8 Affected: 23.9.9 Affected: 23.9.10 Affected: 23.9.11 Affected: 23.9.12 Affected: 23.9.13 Affected: 23.9.14 Affected: 23.9.15 Affected: 23.9.16 Affected: 23.12.0 Affected: 23.12.1 Affected: 23.12.2 Affected: 23.12.3 Affected: 23.12.4 Affected: 23.12.5 Affected: 23.12.6 Affected: 23.12.7 Affected: 23.12.8 Affected: 23.12.9 Affected: 23.12.10 Affected: 23.12.11 Affected: 23.12.12 Affected: 23.12.13 Affected: 23.12.14 Affected: 23.12.15 Affected: 24.2.0 Affected: 24.2.1 Affected: 24.2.2 Affected: 24.2.3 Affected: 24.2.4 Affected: 24.2.5 Affected: 24.2.6 Affected: 24.2.7 Affected: 24.2.8 Affected: 24.2.9 Affected: 24.2.10 Affected: 24.2.11 Affected: 24.2.12 Affected: 24.2.13 Affected: 24.2.14 Affected: 24.2.15 Affected: 24.5.0 Affected: 24.5.1 Affected: 24.8.0 Affected: 24.8.1 Affected: 24.8.2 Affected: 24.8.3 Affected: 24.8.4 Affected: 24.8.5 Affected: 24.8.6 Affected: 24.8.7 Affected: 24.8.8 Affected: 24.8.9 Affected: 24.8.10 Affected: 24.8.11 Affected: 24.8.12 Affected: 24.8.13 Affected: 24.8.14 Affected: 24.8.15 Affected: 24.8.16 Affected: 24.8.17 Affected: 24.8.18 Affected: 24.8.19 Affected: 24.8.20 Affected: 24.8.21 Affected: 24.8.22 Affected: 24.8.23 Affected: 24.8.24 Affected: 24.8.25 Affected: 24.8.26 Affected: 24.8.27 Affected: 24.8.28 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T21:56:55.579570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T21:57:20.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "Apeos C3070",
"vendor": "Fujifilm Business Innovation",
"versions": [
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.1.2"
},
{
"status": "affected",
"version": "22.1.3"
},
{
"status": "affected",
"version": "22.1.4"
},
{
"status": "affected",
"version": "22.1.5"
},
{
"status": "affected",
"version": "22.1.6"
},
{
"status": "affected",
"version": "22.1.7"
},
{
"status": "affected",
"version": "22.1.8"
},
{
"status": "affected",
"version": "22.1.9"
},
{
"status": "affected",
"version": "22.1.10"
},
{
"status": "affected",
"version": "22.1.11"
},
{
"status": "affected",
"version": "22.1.12"
},
{
"status": "affected",
"version": "22.1.13"
},
{
"status": "affected",
"version": "22.1.14"
},
{
"status": "affected",
"version": "22.1.15"
},
{
"status": "affected",
"version": "22.1.16"
},
{
"status": "affected",
"version": "22.1.17"
},
{
"status": "affected",
"version": "22.1.18"
},
{
"status": "affected",
"version": "22.1.19"
},
{
"status": "affected",
"version": "22.1.20"
},
{
"status": "affected",
"version": "22.1.21"
},
{
"status": "affected",
"version": "22.1.22"
},
{
"status": "affected",
"version": "22.1.23"
},
{
"status": "affected",
"version": "22.1.24"
},
{
"status": "affected",
"version": "22.1.25"
},
{
"status": "affected",
"version": "22.1.26"
},
{
"status": "affected",
"version": "22.1.27"
},
{
"status": "affected",
"version": "22.1.28"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "22.12.2"
},
{
"status": "affected",
"version": "23.7.0"
},
{
"status": "affected",
"version": "23.7.1"
},
{
"status": "affected",
"version": "23.7.2"
},
{
"status": "affected",
"version": "23.7.3"
},
{
"status": "affected",
"version": "23.9.0"
},
{
"status": "affected",
"version": "23.9.1"
},
{
"status": "affected",
"version": "23.9.2"
},
{
"status": "affected",
"version": "23.9.3"
},
{
"status": "affected",
"version": "23.9.4"
},
{
"status": "affected",
"version": "23.9.5"
},
{
"status": "affected",
"version": "23.9.6"
},
{
"status": "affected",
"version": "23.9.7"
},
{
"status": "affected",
"version": "23.9.8"
},
{
"status": "affected",
"version": "23.9.9"
},
{
"status": "affected",
"version": "23.9.10"
},
{
"status": "affected",
"version": "23.9.11"
},
{
"status": "affected",
"version": "23.9.12"
},
{
"status": "affected",
"version": "23.9.13"
},
{
"status": "affected",
"version": "23.9.14"
},
{
"status": "affected",
"version": "23.9.15"
},
{
"status": "affected",
"version": "23.9.16"
},
{
"status": "affected",
"version": "23.12.0"
},
{
"status": "affected",
"version": "23.12.1"
},
{
"status": "affected",
"version": "23.12.2"
},
{
"status": "affected",
"version": "23.12.3"
},
{
"status": "affected",
"version": "23.12.4"
},
{
"status": "affected",
"version": "23.12.5"
},
{
"status": "affected",
"version": "23.12.6"
},
{
"status": "affected",
"version": "23.12.7"
},
{
"status": "affected",
"version": "23.12.8"
},
{
"status": "affected",
"version": "23.12.9"
},
{
"status": "affected",
"version": "23.12.10"
},
{
"status": "affected",
"version": "23.12.11"
},
{
"status": "affected",
"version": "23.12.12"
},
{
"status": "affected",
"version": "23.12.13"
},
{
"status": "affected",
"version": "23.12.14"
},
{
"status": "affected",
"version": "23.12.15"
},
{
"status": "affected",
"version": "24.2.0"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "24.2.3"
},
{
"status": "affected",
"version": "24.2.4"
},
{
"status": "affected",
"version": "24.2.5"
},
{
"status": "affected",
"version": "24.2.6"
},
{
"status": "affected",
"version": "24.2.7"
},
{
"status": "affected",
"version": "24.2.8"
},
{
"status": "affected",
"version": "24.2.9"
},
{
"status": "affected",
"version": "24.2.10"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.2.12"
},
{
"status": "affected",
"version": "24.2.13"
},
{
"status": "affected",
"version": "24.2.14"
},
{
"status": "affected",
"version": "24.2.15"
},
{
"status": "affected",
"version": "24.5.0"
},
{
"status": "affected",
"version": "24.5.1"
},
{
"status": "affected",
"version": "24.8.0"
},
{
"status": "affected",
"version": "24.8.1"
},
{
"status": "affected",
"version": "24.8.2"
},
{
"status": "affected",
"version": "24.8.3"
},
{
"status": "affected",
"version": "24.8.4"
},
{
"status": "affected",
"version": "24.8.5"
},
{
"status": "affected",
"version": "24.8.6"
},
{
"status": "affected",
"version": "24.8.7"
},
{
"status": "affected",
"version": "24.8.8"
},
{
"status": "affected",
"version": "24.8.9"
},
{
"status": "affected",
"version": "24.8.10"
},
{
"status": "affected",
"version": "24.8.11"
},
{
"status": "affected",
"version": "24.8.12"
},
{
"status": "affected",
"version": "24.8.13"
},
{
"status": "affected",
"version": "24.8.14"
},
{
"status": "affected",
"version": "24.8.15"
},
{
"status": "affected",
"version": "24.8.16"
},
{
"status": "affected",
"version": "24.8.17"
},
{
"status": "affected",
"version": "24.8.18"
},
{
"status": "affected",
"version": "24.8.19"
},
{
"status": "affected",
"version": "24.8.20"
},
{
"status": "affected",
"version": "24.8.21"
},
{
"status": "affected",
"version": "24.8.22"
},
{
"status": "affected",
"version": "24.8.23"
},
{
"status": "affected",
"version": "24.8.24"
},
{
"status": "affected",
"version": "24.8.25"
},
{
"status": "affected",
"version": "24.8.26"
},
{
"status": "affected",
"version": "24.8.27"
},
{
"status": "affected",
"version": "24.8.28"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Apeos C5570",
"vendor": "Fujifilm Business Innovation",
"versions": [
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.1.2"
},
{
"status": "affected",
"version": "22.1.3"
},
{
"status": "affected",
"version": "22.1.4"
},
{
"status": "affected",
"version": "22.1.5"
},
{
"status": "affected",
"version": "22.1.6"
},
{
"status": "affected",
"version": "22.1.7"
},
{
"status": "affected",
"version": "22.1.8"
},
{
"status": "affected",
"version": "22.1.9"
},
{
"status": "affected",
"version": "22.1.10"
},
{
"status": "affected",
"version": "22.1.11"
},
{
"status": "affected",
"version": "22.1.12"
},
{
"status": "affected",
"version": "22.1.13"
},
{
"status": "affected",
"version": "22.1.14"
},
{
"status": "affected",
"version": "22.1.15"
},
{
"status": "affected",
"version": "22.1.16"
},
{
"status": "affected",
"version": "22.1.17"
},
{
"status": "affected",
"version": "22.1.18"
},
{
"status": "affected",
"version": "22.1.19"
},
{
"status": "affected",
"version": "22.1.20"
},
{
"status": "affected",
"version": "22.1.21"
},
{
"status": "affected",
"version": "22.1.22"
},
{
"status": "affected",
"version": "22.1.23"
},
{
"status": "affected",
"version": "22.1.24"
},
{
"status": "affected",
"version": "22.1.25"
},
{
"status": "affected",
"version": "22.1.26"
},
{
"status": "affected",
"version": "22.1.27"
},
{
"status": "affected",
"version": "22.1.28"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "22.12.2"
},
{
"status": "affected",
"version": "23.7.0"
},
{
"status": "affected",
"version": "23.7.1"
},
{
"status": "affected",
"version": "23.7.2"
},
{
"status": "affected",
"version": "23.7.3"
},
{
"status": "affected",
"version": "23.9.0"
},
{
"status": "affected",
"version": "23.9.1"
},
{
"status": "affected",
"version": "23.9.2"
},
{
"status": "affected",
"version": "23.9.3"
},
{
"status": "affected",
"version": "23.9.4"
},
{
"status": "affected",
"version": "23.9.5"
},
{
"status": "affected",
"version": "23.9.6"
},
{
"status": "affected",
"version": "23.9.7"
},
{
"status": "affected",
"version": "23.9.8"
},
{
"status": "affected",
"version": "23.9.9"
},
{
"status": "affected",
"version": "23.9.10"
},
{
"status": "affected",
"version": "23.9.11"
},
{
"status": "affected",
"version": "23.9.12"
},
{
"status": "affected",
"version": "23.9.13"
},
{
"status": "affected",
"version": "23.9.14"
},
{
"status": "affected",
"version": "23.9.15"
},
{
"status": "affected",
"version": "23.9.16"
},
{
"status": "affected",
"version": "23.12.0"
},
{
"status": "affected",
"version": "23.12.1"
},
{
"status": "affected",
"version": "23.12.2"
},
{
"status": "affected",
"version": "23.12.3"
},
{
"status": "affected",
"version": "23.12.4"
},
{
"status": "affected",
"version": "23.12.5"
},
{
"status": "affected",
"version": "23.12.6"
},
{
"status": "affected",
"version": "23.12.7"
},
{
"status": "affected",
"version": "23.12.8"
},
{
"status": "affected",
"version": "23.12.9"
},
{
"status": "affected",
"version": "23.12.10"
},
{
"status": "affected",
"version": "23.12.11"
},
{
"status": "affected",
"version": "23.12.12"
},
{
"status": "affected",
"version": "23.12.13"
},
{
"status": "affected",
"version": "23.12.14"
},
{
"status": "affected",
"version": "23.12.15"
},
{
"status": "affected",
"version": "24.2.0"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "24.2.3"
},
{
"status": "affected",
"version": "24.2.4"
},
{
"status": "affected",
"version": "24.2.5"
},
{
"status": "affected",
"version": "24.2.6"
},
{
"status": "affected",
"version": "24.2.7"
},
{
"status": "affected",
"version": "24.2.8"
},
{
"status": "affected",
"version": "24.2.9"
},
{
"status": "affected",
"version": "24.2.10"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.2.12"
},
{
"status": "affected",
"version": "24.2.13"
},
{
"status": "affected",
"version": "24.2.14"
},
{
"status": "affected",
"version": "24.2.15"
},
{
"status": "affected",
"version": "24.5.0"
},
{
"status": "affected",
"version": "24.5.1"
},
{
"status": "affected",
"version": "24.8.0"
},
{
"status": "affected",
"version": "24.8.1"
},
{
"status": "affected",
"version": "24.8.2"
},
{
"status": "affected",
"version": "24.8.3"
},
{
"status": "affected",
"version": "24.8.4"
},
{
"status": "affected",
"version": "24.8.5"
},
{
"status": "affected",
"version": "24.8.6"
},
{
"status": "affected",
"version": "24.8.7"
},
{
"status": "affected",
"version": "24.8.8"
},
{
"status": "affected",
"version": "24.8.9"
},
{
"status": "affected",
"version": "24.8.10"
},
{
"status": "affected",
"version": "24.8.11"
},
{
"status": "affected",
"version": "24.8.12"
},
{
"status": "affected",
"version": "24.8.13"
},
{
"status": "affected",
"version": "24.8.14"
},
{
"status": "affected",
"version": "24.8.15"
},
{
"status": "affected",
"version": "24.8.16"
},
{
"status": "affected",
"version": "24.8.17"
},
{
"status": "affected",
"version": "24.8.18"
},
{
"status": "affected",
"version": "24.8.19"
},
{
"status": "affected",
"version": "24.8.20"
},
{
"status": "affected",
"version": "24.8.21"
},
{
"status": "affected",
"version": "24.8.22"
},
{
"status": "affected",
"version": "24.8.23"
},
{
"status": "affected",
"version": "24.8.24"
},
{
"status": "affected",
"version": "24.8.25"
},
{
"status": "affected",
"version": "24.8.26"
},
{
"status": "affected",
"version": "24.8.27"
},
{
"status": "affected",
"version": "24.8.28"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "Apeos C6580",
"vendor": "Fujifilm Business Innovation",
"versions": [
{
"status": "affected",
"version": "22.1.0"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"status": "affected",
"version": "22.1.2"
},
{
"status": "affected",
"version": "22.1.3"
},
{
"status": "affected",
"version": "22.1.4"
},
{
"status": "affected",
"version": "22.1.5"
},
{
"status": "affected",
"version": "22.1.6"
},
{
"status": "affected",
"version": "22.1.7"
},
{
"status": "affected",
"version": "22.1.8"
},
{
"status": "affected",
"version": "22.1.9"
},
{
"status": "affected",
"version": "22.1.10"
},
{
"status": "affected",
"version": "22.1.11"
},
{
"status": "affected",
"version": "22.1.12"
},
{
"status": "affected",
"version": "22.1.13"
},
{
"status": "affected",
"version": "22.1.14"
},
{
"status": "affected",
"version": "22.1.15"
},
{
"status": "affected",
"version": "22.1.16"
},
{
"status": "affected",
"version": "22.1.17"
},
{
"status": "affected",
"version": "22.1.18"
},
{
"status": "affected",
"version": "22.1.19"
},
{
"status": "affected",
"version": "22.1.20"
},
{
"status": "affected",
"version": "22.1.21"
},
{
"status": "affected",
"version": "22.1.22"
},
{
"status": "affected",
"version": "22.1.23"
},
{
"status": "affected",
"version": "22.1.24"
},
{
"status": "affected",
"version": "22.1.25"
},
{
"status": "affected",
"version": "22.1.26"
},
{
"status": "affected",
"version": "22.1.27"
},
{
"status": "affected",
"version": "22.1.28"
},
{
"status": "affected",
"version": "22.12.0"
},
{
"status": "affected",
"version": "22.12.1"
},
{
"status": "affected",
"version": "22.12.2"
},
{
"status": "affected",
"version": "23.7.0"
},
{
"status": "affected",
"version": "23.7.1"
},
{
"status": "affected",
"version": "23.7.2"
},
{
"status": "affected",
"version": "23.7.3"
},
{
"status": "affected",
"version": "23.9.0"
},
{
"status": "affected",
"version": "23.9.1"
},
{
"status": "affected",
"version": "23.9.2"
},
{
"status": "affected",
"version": "23.9.3"
},
{
"status": "affected",
"version": "23.9.4"
},
{
"status": "affected",
"version": "23.9.5"
},
{
"status": "affected",
"version": "23.9.6"
},
{
"status": "affected",
"version": "23.9.7"
},
{
"status": "affected",
"version": "23.9.8"
},
{
"status": "affected",
"version": "23.9.9"
},
{
"status": "affected",
"version": "23.9.10"
},
{
"status": "affected",
"version": "23.9.11"
},
{
"status": "affected",
"version": "23.9.12"
},
{
"status": "affected",
"version": "23.9.13"
},
{
"status": "affected",
"version": "23.9.14"
},
{
"status": "affected",
"version": "23.9.15"
},
{
"status": "affected",
"version": "23.9.16"
},
{
"status": "affected",
"version": "23.12.0"
},
{
"status": "affected",
"version": "23.12.1"
},
{
"status": "affected",
"version": "23.12.2"
},
{
"status": "affected",
"version": "23.12.3"
},
{
"status": "affected",
"version": "23.12.4"
},
{
"status": "affected",
"version": "23.12.5"
},
{
"status": "affected",
"version": "23.12.6"
},
{
"status": "affected",
"version": "23.12.7"
},
{
"status": "affected",
"version": "23.12.8"
},
{
"status": "affected",
"version": "23.12.9"
},
{
"status": "affected",
"version": "23.12.10"
},
{
"status": "affected",
"version": "23.12.11"
},
{
"status": "affected",
"version": "23.12.12"
},
{
"status": "affected",
"version": "23.12.13"
},
{
"status": "affected",
"version": "23.12.14"
},
{
"status": "affected",
"version": "23.12.15"
},
{
"status": "affected",
"version": "24.2.0"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.2.2"
},
{
"status": "affected",
"version": "24.2.3"
},
{
"status": "affected",
"version": "24.2.4"
},
{
"status": "affected",
"version": "24.2.5"
},
{
"status": "affected",
"version": "24.2.6"
},
{
"status": "affected",
"version": "24.2.7"
},
{
"status": "affected",
"version": "24.2.8"
},
{
"status": "affected",
"version": "24.2.9"
},
{
"status": "affected",
"version": "24.2.10"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.2.12"
},
{
"status": "affected",
"version": "24.2.13"
},
{
"status": "affected",
"version": "24.2.14"
},
{
"status": "affected",
"version": "24.2.15"
},
{
"status": "affected",
"version": "24.5.0"
},
{
"status": "affected",
"version": "24.5.1"
},
{
"status": "affected",
"version": "24.8.0"
},
{
"status": "affected",
"version": "24.8.1"
},
{
"status": "affected",
"version": "24.8.2"
},
{
"status": "affected",
"version": "24.8.3"
},
{
"status": "affected",
"version": "24.8.4"
},
{
"status": "affected",
"version": "24.8.5"
},
{
"status": "affected",
"version": "24.8.6"
},
{
"status": "affected",
"version": "24.8.7"
},
{
"status": "affected",
"version": "24.8.8"
},
{
"status": "affected",
"version": "24.8.9"
},
{
"status": "affected",
"version": "24.8.10"
},
{
"status": "affected",
"version": "24.8.11"
},
{
"status": "affected",
"version": "24.8.12"
},
{
"status": "affected",
"version": "24.8.13"
},
{
"status": "affected",
"version": "24.8.14"
},
{
"status": "affected",
"version": "24.8.15"
},
{
"status": "affected",
"version": "24.8.16"
},
{
"status": "affected",
"version": "24.8.17"
},
{
"status": "affected",
"version": "24.8.18"
},
{
"status": "affected",
"version": "24.8.19"
},
{
"status": "affected",
"version": "24.8.20"
},
{
"status": "affected",
"version": "24.8.21"
},
{
"status": "affected",
"version": "24.8.22"
},
{
"status": "affected",
"version": "24.8.23"
},
{
"status": "affected",
"version": "24.8.24"
},
{
"status": "affected",
"version": "24.8.25"
},
{
"status": "affected",
"version": "24.8.26"
},
{
"status": "affected",
"version": "24.8.27"
},
{
"status": "affected",
"version": "24.8.28"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dycc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that \"during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure.\""
},
{
"lang": "de",
"value": "In Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 bis 24.8.28 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /home/index.html#hashHome der Komponente Web Interface. Durch Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T06:36:15.948Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288958 | Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288958"
},
{
"name": "VDB-288958 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288958"
},
{
"name": "Submit #458897 | Fujifilm Business Innovation (China) Co., Ltd. Apeos C3070, Apeos C6580, Apeos C5570 printers Apeos C3070, Apeos C6580, Apeos C5570 unauthorized access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.458897"
},
{
"tags": [
"related"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/1226_announce.html"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2024-12-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-28T07:40:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12782",
"datePublished": "2024-12-19T12:31:07.155Z",
"dateReserved": "2024-12-19T07:19:32.765Z",
"dateUpdated": "2025-02-28T06:36:15.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12678 (GCVE-0-2024-12678)
Vulnerability from cvelistv5 – Published: 2024-12-20 01:49 – Updated: 2024-12-20 17:08- CWE-266 - Incorrect Privilege Assignment
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Nomad |
Affected:
1.4.0 , < 1.9.4
(semver)
|
|
| HashiCorp | Nomad Enterprise |
Affected:
1.4.0 , < 1.9.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:07:58.479503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T17:08:12.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad",
"repo": "https://github.com/hashicorp/nomad",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.9.4",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Nomad Enterprise",
"repo": "https://github.com/hashicorp/nomad",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.8.8",
"status": "unaffected"
},
{
"at": "1.7.16",
"status": "unaffected"
}
],
"lessThan": "1.9.4",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNomad Community and Nomad Enterprise (\"Nomad\") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Nomad Community and Nomad Enterprise (\"Nomad\") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T01:49:40.583Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-allocations-vulnerable-to-privilege-escalation-within-a-namespace-using-unredacted-workload-identity-token/72119"
}
],
"source": {
"advisory": "HCSEC-2024-29",
"discovery": "INTERNAL"
},
"title": "Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-12678",
"datePublished": "2024-12-20T01:49:40.583Z",
"dateReserved": "2024-12-16T16:20:12.439Z",
"dateUpdated": "2024-12-20T17:08:12.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12666 (GCVE-0-2024-12666)
Vulnerability from cvelistv5 – Published: 2024-12-16 20:00 – Updated: 2024-12-17 14:29| URL | Tags |
|---|---|
| https://vuldb.com/?id.288535 | vdb-entry |
| https://vuldb.com/?ctiid.288535 | signaturepermissions-required |
| https://vuldb.com/?submit.461120 | third-party-advisory |
| https://github.com/Jack-Black-13/blob/blob/main/C… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12666",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:29:26.735276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:29:37.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"User Management Page"
],
"product": "ClassCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6"
},
{
"status": "affected",
"version": "4.7"
},
{
"status": "affected",
"version": "4.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vulbox (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In ClassCMS bis 4.8 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin?do=admin:user:editPost der Komponente User Management Page. Mittels dem Manipulieren mit unbekannten Daten kann eine improper handling of insufficient privileges-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T20:00:12.804Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288535 | ClassCMS User Management Page admin insufficient privileges",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.288535"
},
{
"name": "VDB-288535 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288535"
},
{
"name": "Submit #461120 | ClassCMS V4.8 Improper Handling of Insufficient Permissions or Privileges",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.461120"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Jack-Black-13/blob/blob/main/ClassCMS%20V4.8%20Vertical%20Privilege%20Escalation.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:58:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "ClassCMS User Management Page admin insufficient privileges"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12666",
"datePublished": "2024-12-16T20:00:12.804Z",
"dateReserved": "2024-12-16T08:53:03.678Z",
"dateUpdated": "2024-12-17T14:29:37.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12470 (GCVE-0-2024-12470)
Vulnerability from cvelistv5 – Published: 2025-01-07 04:22 – Updated: 2026-04-08 17:27- CWE-266 - Incorrect Privilege Assignment
| Vendor | Product | Version | |
|---|---|---|---|
| themesawesome | School Management System – SakolaWP |
Affected:
0 , ≤ 1.0.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T15:57:03.415728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T16:18:42.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 SakolaWP",
"vendor": "themesawesome",
"versions": [
{
"lessThanOrEqual": "1.0.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:31.708Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve"
},
{
"url": "https://wordpress.org/plugins/sakolawp-lite/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T16:21:29.000Z",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 SakolaWP \u003c= 1.0.8 - Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12470",
"datePublished": "2025-01-07T04:22:21.270Z",
"dateReserved": "2024-12-10T22:35:37.459Z",
"dateUpdated": "2026-04-08T17:27:31.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12347 (GCVE-0-2024-12347)
Vulnerability from cvelistv5 – Published: 2024-12-08 23:31 – Updated: 2024-12-09 15:44| URL | Tags |
|---|---|
| https://vuldb.com/?id.287267 | vdb-entry |
| https://vuldb.com/?ctiid.287267 | signaturepermissions-required |
| https://vuldb.com/?submit.453917 | third-party-advisory |
| https://github.com/dycccccccc/JEEWMS/blob/main/JE… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Guangzhou Huayi Intelligent Technology | Jeewms |
Affected:
1.0
|
|
| guangzhou_huayi_intelligent_technology | jeewms |
Affected:
1.0
cpe:2.3:a:guangzhou_huayi_intelligent_technology:jeewms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:guangzhou_huayi_intelligent_technology:jeewms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jeewms",
"vendor": "guangzhou_huayi_intelligent_technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12347",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T15:42:27.005429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T15:44:23.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Druid Monitoring Interface"
],
"product": "Jeewms",
"vendor": "Guangzhou Huayi Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dycc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Guangzhou Huayi Intelligent Technology Jeewms bis 1.0.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /jeewms_war/webpage/system/druid/index.html der Komponente Druid Monitoring Interface. Mit der Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-08T23:31:07.459Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-287267 | Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.287267"
},
{
"name": "VDB-287267 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.287267"
},
{
"name": "Submit #453917 | Guangzhou Huayi Intelligent Technology Co., Ltd. JEEWMS \u003c= 1.0.0 unauthorized access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.453917"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dycccccccc/JEEWMS/blob/main/JEEWMS%20Druid%20monitoring%20interface%20is%20not%20authorized.docx"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-08T09:28:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12347",
"datePublished": "2024-12-08T23:31:07.459Z",
"dateReserved": "2024-12-08T08:23:01.677Z",
"dateUpdated": "2024-12-09T15:44:23.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12303 (GCVE-0-2024-12303)
Vulnerability from cvelistv5 – Published: 2025-08-13 17:27 – Updated: 2025-08-13 20:00- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/508298 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2861889 | technical-descriptionexploitpermissions-required |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T19:59:48.614731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:00:25.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.0.6",
"status": "affected",
"version": "17.7",
"versionType": "semver"
},
{
"lessThan": "18.1.4",
"status": "affected",
"version": "18.1",
"versionType": "semver"
},
{
"lessThan": "18.2.2",
"status": "affected",
"version": "18.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [yuki_osaki](https://hackerone.com/yuki_osaki) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:27:45.555Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #508298",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508298"
},
{
"name": "HackerOne Bug Bounty Report #2861889",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2861889"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.0.6, 18.1.4, 18.2.2 or above."
}
],
"title": "Incorrect Privilege Assignment in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-12303",
"datePublished": "2025-08-13T17:27:45.555Z",
"dateReserved": "2024-12-06T15:01:51.485Z",
"dateUpdated": "2025-08-13T20:00:25.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12235 (GCVE-0-2024-12235)
Vulnerability from cvelistv5 – Published: 2024-12-05 17:31 – Updated: 2024-12-06 16:29| URL | Tags |
|---|---|
| https://vuldb.com/?id.286981 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.286981 | signaturepermissions-required |
| https://vuldb.com/?submit.456529 | third-party-advisory |
| https://github.com/sweatxi/rce/blob/main/AgileBPM… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Shenzhen Dashi Tongzhou Information Technology | AgileBPM |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:29:36.967966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T16:29:47.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AgileBPM",
"vendor": "Shenzhen Dashi Tongzhou Information Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dsh1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \\agile-bpm-basic-master\\ab-auth\\ab-auth-spring-security-oauth2\\src\\main\\java\\com\\dstz\\auth\\filter\\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Shenzhen Dashi Tongzhou Information Technology AgileBPM bis 1.0.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion doFilter der Datei \\agile-bpm-basic-master\\ab-auth\\ab-auth-spring-security-oauth2\\src\\main\\java\\com\\dstz\\auth\\filter\\AuthorizationTokenCheckFilter.java. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:31:05.516Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-286981 | Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.286981"
},
{
"name": "VDB-286981 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.286981"
},
{
"name": "Submit #456529 | Shenzhen Dashi Tongzhou Information Technology Co., Ltd. AgileBPM 1.0.0 vertical overreach",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456529"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/sweatxi/rce/blob/main/AgileBPM_vertical_overreach.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-05T09:58:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12235",
"datePublished": "2024-12-05T17:31:05.516Z",
"dateReserved": "2024-12-05T08:53:05.274Z",
"dateUpdated": "2024-12-06T16:29:47.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.