CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5966 vulnerabilities reference this CWE, most recent first.
CVE-2023-30845 (GCVE-0-2023-30845)
Vulnerability from cvelistv5 – Published: 2023-04-26 20:46 – Updated: 2025-02-03 16:45- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/GoogleCloudPlatform/esp-v2/sec… | x_refsource_CONFIRM |
| https://github.com/GoogleCloudPlatform/esp-v2/com… | x_refsource_MISC |
| https://github.com/GoogleCloudPlatform/esp-v2/com… | x_refsource_MISC |
| https://github.com/GoogleCloudPlatform/esp-v2/com… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| GoogleCloudPlatform | esp-v2 |
Affected:
>= 2.20.0, < 2.43.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/security/advisories/GHSA-6qmp-9p95-fc5f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/security/advisories/GHSA-6qmp-9p95-fc5f"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/0bcdfc024ce96b34db4e1b4f2211b509d9be93cd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/0bcdfc024ce96b34db4e1b4f2211b509d9be93cd"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e95670146f5e96bb5565b0a9c1e153886b3e04ce",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e95670146f5e96bb5565b0a9c1e153886b3e04ce"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e98061ee4527a564506ba4e814c0ecf324dc2c6f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e98061ee4527a564506ba4e814c0ecf324dc2c6f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:45:23.826680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:45:28.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-v2",
"vendor": "GoogleCloudPlatform",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.43.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.\n\nESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.\n\nUpgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T20:46:25.263Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/security/advisories/GHSA-6qmp-9p95-fc5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/security/advisories/GHSA-6qmp-9p95-fc5f"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/0bcdfc024ce96b34db4e1b4f2211b509d9be93cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/0bcdfc024ce96b34db4e1b4f2211b509d9be93cd"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e95670146f5e96bb5565b0a9c1e153886b3e04ce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e95670146f5e96bb5565b0a9c1e153886b3e04ce"
},
{
"name": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e98061ee4527a564506ba4e814c0ecf324dc2c6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GoogleCloudPlatform/esp-v2/commit/e98061ee4527a564506ba4e814c0ecf324dc2c6f"
}
],
"source": {
"advisory": "GHSA-6qmp-9p95-fc5f",
"discovery": "UNKNOWN"
},
"title": "ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-30845",
"datePublished": "2023-04-26T20:46:25.263Z",
"dateReserved": "2023-04-18T16:13:15.880Z",
"dateUpdated": "2025-02-03T16:45:28.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30560 (GCVE-0-2023-30560)
Vulnerability from cvelistv5 – Published: 2023-07-13 18:53 – Updated: 2024-10-31 17:33- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Becton Dickinson & Co | BD Alarisâ„¢ Point-of-Care Unit (PCU) Model 8015 |
Affected:
0 , ≤ 12.1.3
(custom)
|
|
| becton_dickinson_and_co | bd_alarisa_point_of_care_unit_model_8015 |
Affected:
0
cpe:2.3:h:becton_dickinson_and_co:bd_alarisa_point_of_care_unit_model_8015:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:becton_dickinson_and_co:bd_alarisa_point_of_care_unit_model_8015:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bd_alarisa_point_of_care_unit_model_8015",
"vendor": "becton_dickinson_and_co",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T17:29:20.439171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:33:02.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BD Alaris\u00e2\u201e\u00a2 Point-of-Care Unit (PCU) Model 8015",
"vendor": "Becton Dickinson \u0026 Co ",
"versions": [
{
"lessThanOrEqual": "12.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe configuration from the PCU can be modified without authentication using physical connection to the PCU. \u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "The configuration from the PCU can be modified without authentication using physical connection to the PCU. \n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T18:53:49.951Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": " PCU Configuration Lacks Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-30560",
"datePublished": "2023-07-13T18:53:49.951Z",
"dateReserved": "2023-04-12T16:30:07.536Z",
"dateUpdated": "2024-10-31T17:33:02.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29463 (GCVE-0-2023-29463)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:42 – Updated: 2025-02-27 20:54- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | Pavilion8 |
Affected:
<5.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:51:43.237837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:54:59.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pavilion8",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c5.20"
}
]
}
],
"datePublic": "2023-09-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\u003c/span\u003e\n\n"
}
],
"value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-12T16:42:14.868Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eRisk Mitigation \u0026amp; User Action\u003c/div\u003e\u003cdiv\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003cul\u003e\u003cli\u003eUpdate to v5.20\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\"\u003eQA43240 - Recommended Security Guidelines from Rockwell Automation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cstrong\u003eIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.\u003c/strong\u003e\u003col\u003e\u003cli\u003eOpen the \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file in your Pavilion8\u00ae installation folder set during installation and go to \u003cem\u003eConsole\\container\\webapps\\ROOT\\WEB-INF\u003c/em\u003e, by default this would be under \u003ccode\u003eC:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eSearch for the text \u003ccode\u003ejmx-console-action-handler\u003c/code\u003e\u0026nbsp;and delete the below lines from \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file:\u003cbr\u003e\u003cbr\u003e\u003ccode\u003e\u0026nbsp; \u0026lt;servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-class\u0026gt;com.pav.jboss.jmx.HtmlAdaptorServlet\u0026lt;/servlet-class\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;servlet-mapping\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;url-pattern\u0026gt;/jmx-console/HtmlAdaptor\u0026lt;/url-pattern\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet-mapping\u0026gt;\u003c/code\u003e\u003cbr\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eSave the changes and close the file.\u003c/li\u003e\u003cli\u003eRestart \u003cstrong\u003ePavilion8\u00ae Console Service\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eLogout and log back into the console and navigate to the URL \u003ccode\u003ehttp:// \u0026lt;FQDN\u0026gt;/jmx-console\u003c/code\u003e\u0026nbsp;to confirm you are getting the error message \u003ccode\u003eHTTP Status 404 \u2013 Not Found\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cblockquote\u003e\u003cp\u003e\u003cu\u003eNote\u003c/u\u003e: \u003ccode\u003e\u0026lt;FQDN\u0026gt;\u003c/code\u003e\u0026nbsp;is your fully qualified domain name used for the Console login.\u003c/p\u003e\u003c/blockquote\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRisk Mitigation \u0026 User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v5.20\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17. * Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n * Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \u003cservlet\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003cservlet-class\u003ecom.pav.jboss.jmx.HtmlAdaptorServlet\u003c/servlet-class\u003e\n\u00a0 \u003c/servlet\u003e\n\u00a0 \u003cservlet-mapping\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003curl-pattern\u003e/jmx-console/HtmlAdaptor\u003c/url-pattern\u003e\n\u00a0 \u003c/servlet-mapping\u003e\n\u00a0\n * Save the changes and close the file.\n * Restart Pavilion8\u00ae Console Service.\n * Logout and log back into the console and navigate to the URL http:// \u003cFQDN\u003e/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u003cFQDN\u003e\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pavilion8 Security Misconfiguration Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-29463",
"datePublished": "2023-09-12T16:42:14.868Z",
"dateReserved": "2023-04-06T18:42:59.008Z",
"dateUpdated": "2025-02-27T20:54:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29117 (GCVE-0-2023-29117)
Vulnerability from cvelistv5 – Published: 2024-11-05 15:14 – Updated: 2024-11-05 19:09- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Enel X | JuiceBox Pro 3.0 22kW Cellular |
Affected:
0 , ≤ 2.1.1.0_JB3VU096A
(custom)
|
|
| enel_x | juicebox_pro3.0_22kw_cellular |
Affected:
0 , ≤ 2.1.1.0_JB3VU096A
(custom)
cpe:2.3:a:enel_x:juicebox_pro3.0_22kw_cellular:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:enel_x:juicebox_pro3.0_22kw_cellular:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "juicebox_pro3.0_22kw_cellular",
"vendor": "enel_x",
"versions": [
{
"lessThanOrEqual": "2.1.1.0_JB3VU096A",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T19:08:28.815094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:09:05.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Manager interface"
],
"product": "JuiceBox Pro 3.0 22kW Cellular",
"vendor": "Enel X",
"versions": [
{
"lessThanOrEqual": "2.1.1.0_JB3VU096A",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdellah Benotsmane (PCAutomotive)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system."
}
],
"value": "Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:14:23.990Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in JuiceBox Web Manager interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2023-29117",
"datePublished": "2024-11-05T15:14:23.990Z",
"dateReserved": "2023-03-31T10:22:52.667Z",
"dateUpdated": "2024-11-05T19:09:05.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29062 (GCVE-0-2023-29062)
Vulnerability from cvelistv5 – Published: 2023-11-28 20:34 – Updated: 2024-08-02 14:00- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Becton, Dickinson and Company (BD) | FACSChorus |
Affected:
5.0 , ≤ 5.1
(custom)
Affected: 3.0 , ≤ 3.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "FACSChorus",
"vendor": "Becton, Dickinson and Company (BD)",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T14:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
}
],
"value": "The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T20:34:22.945Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unsecure Identity Verification",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003c/ul\u003e\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\u003cbr\u003e\u003cul\u003e\u003cli\u003eEnsure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\u003c/li\u003e\u003cli\u003eIf the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\u003c/li\u003e\u003cli\u003eAdministrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n\n\n\n\nVulnerabilities associated with the BD FACSChorus software and workstations will be addressed in an upcoming release. This bulletin will be updated when more information is available. Please check periodically for updates. Additionally, BD recommends the following mitigations and compensating controls to reduce risk associated with these vulnerabilities. The following recommendations apply to all vulnerabilities listed in this bulletin:\n * Ensure physical access controls are in place and only authorized end-users have access to the BD FACSChorus Software and respective workstation.\n * If the BD FACSChorus workstation is connected to the local network, ensure industry standard network security policies and procedures are followed.\n * Administrative access to the FACSChorus software and workstation should be strictly controlled by the customer in collaboration with their local IT security policy.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2023-29062",
"datePublished": "2023-11-28T20:34:22.945Z",
"dateReserved": "2023-03-30T21:10:17.526Z",
"dateUpdated": "2024-08-02T14:00:15.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29032 (GCVE-0-2023-29032)
Vulnerability from cvelistv5 – Published: 2023-05-12 07:43 – Updated: 2024-10-10 19:48- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/j2d6mg3rzcphfd8vv… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache OpenMeetings |
Affected:
3.1.3 , < 7.1.0
(semver)
|
|
| apache | openmeetings |
Affected:
3.1.3 , < 7.1.0
(custom)
cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openmeetings",
"vendor": "apache",
"versions": [
{
"lessThan": "7.1.0",
"status": "affected",
"version": "3.1.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T19:44:48.609636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T19:48:37.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache OpenMeetings",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "7.1.0",
"status": "affected",
"version": "3.1.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stefan Schiller"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker that has gained access to certain private information can use this to act as other user.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eVendor: The Apache Software Foundation\u003cbr\u003e\u003cbr\u003eVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0"
}
],
"value": "An attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T07:43:30.483Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp"
}
],
"source": {
"defect": [
"OPENMEETINGS-2764"
],
"discovery": "EXTERNAL"
},
"title": "Apache OpenMeetings: allows bypass authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-29032",
"datePublished": "2023-05-12T07:43:30.483Z",
"dateReserved": "2023-03-30T04:39:06.692Z",
"dateUpdated": "2024-10-10T19:48:37.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28963 (GCVE-0-2023-28963)
Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 14:39- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.1R3-S10
(custom)
Affected: 19.2 , < 19.2R3-S7 (custom) Affected: 19.3 , < 19.3R3-S8 (custom) Affected: 19.4 , < 19.4R3-S11 (custom) Affected: 20.1R1 , < 20.1* (custom) Affected: 20.2 , < 20.2R3-S7 (custom) Affected: 20.3R1 , < 20.3* (custom) Affected: 20.4 , < 20.4R3-S6 (custom) Affected: 21.1 , < 21.1R3-S5 (custom) Affected: 21.2 , < 21.2R3-S4 (custom) Affected: 21.3 , < 21.3R3-S3 (custom) Affected: 21.4 , < 21.4R3-S3 (custom) Affected: 22.1 , < 22.1R3-S1 (custom) Affected: 22.2 , < 22.2R2-S1, 22.2R3 (custom) Affected: 22.3 , < 22.3R1-S2, 22.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70587"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:39:33.086115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:39:40.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S7",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S8",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S11",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S7",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R1",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S4",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S1",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S2, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Zitong Wang (CataLpa) of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70587"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S11, 20.2R3-S7, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70587",
"defect": [
"1698075"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: User-controlled input vulnerability in J-Web",
"workarounds": [
{
"lang": "en",
"value": "Disable J-Web, or limit access to only trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28963",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:39:40.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28962 (GCVE-0-2023-28962)
Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 14:40- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.4R3-S11
(custom)
Affected: 20.1R1 , < 20.1* (custom) Affected: 20.2 , < 20.2R3-S7 (custom) Affected: 20.3R1 , < 20.3* (custom) Affected: 20.4 , < 20.4R3-S6 (custom) Affected: 21.1R1 , < 21.1* (custom) Affected: 21.2 , < 21.2R3-S4 (custom) Affected: 21.3 , < 21.3R3-S3 (custom) Affected: 21.4 , < 21.4R3-S3 (custom) Affected: 22.1 , < 22.1R3-S1 (custom) Affected: 22.2 , < 22.2R2-S1, 22.2R3 (custom) Affected: 22.3 , < 22.3R1-S2, 22.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70587"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:39:56.863890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:40:04.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S7",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R1",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S4",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S1",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S2, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Zitong Wang (CataLpa) of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70587"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.4R3-S11, 20.2R3-S7, 20.4R3-S6, 21.2R3-S4, 21.3R3-S3, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, 22.4R2, 23.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70587",
"defect": [
"1698072"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: Unauthenticated access vulnerability in J-Web",
"workarounds": [
{
"lang": "en",
"value": "Disable J-Web, or limit access to only trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28962",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:40:04.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28647 (GCVE-0-2023-28647)
Vulnerability from cvelistv5 – Published: 2023-03-30 18:12 – Updated: 2025-02-11 18:57| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/ios/pull/2344 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 4.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6"
},
{
"name": "https://github.com/nextcloud/ios/pull/2344",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/ios/pull/2344"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:57:13.676071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:57:19.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T18:12:25.312Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6"
},
{
"name": "https://github.com/nextcloud/ios/pull/2344",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/ios/pull/2344"
}
],
"source": {
"advisory": "GHSA-wjgg-2v4p-2gq6",
"discovery": "UNKNOWN"
},
"title": "App pin of the iOS app can be bypassed in Nextcloud iOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28647",
"datePublished": "2023-03-30T18:12:25.312Z",
"dateReserved": "2023-03-20T12:19:47.209Z",
"dateUpdated": "2025-02-11T18:57:19.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28646 (GCVE-0-2023-28646)
Vulnerability from cvelistv5 – Published: 2023-03-30 18:16 – Updated: 2025-02-11 18:56| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/android/pull/11242 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 3.7.0, < 3.24.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v"
},
{
"name": "https://github.com/nextcloud/android/pull/11242",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/android/pull/11242"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:56:18.707590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:56:24.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.24.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T18:16:18.917Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v"
},
{
"name": "https://github.com/nextcloud/android/pull/11242",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/android/pull/11242"
}
],
"source": {
"advisory": "GHSA-c3rf-94h6-vj8v",
"discovery": "UNKNOWN"
},
"title": "App lockout in nextcloud Android app can be bypassed via thirdparty apps"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28646",
"datePublished": "2023-03-30T18:16:18.917Z",
"dateReserved": "2023-03-20T12:19:47.209Z",
"dateUpdated": "2025-02-11T18:56:24.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.