Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4798 vulnerabilities reference this CWE, most recent first.

CVE-2020-17405 (GCVE-0-2020-17405)

Vulnerability from cvelistv5 – Published: 2020-09-01 18:00 – Updated: 2024-08-04 13:53
VLAI
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
zdi
References
Impacted products
Vendor Product Version
Senstar Symphony Affected: 7.3.2.2
Create a notification for this product.
Credits
Joachim Kerschbaumer (@joachimk)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:53:17.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Symphony",
          "vendor": "Senstar",
          "versions": [
            {
              "status": "affected",
              "version": "7.3.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joachim Kerschbaumer (@joachimk)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-01T18:00:16.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2020-17405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Symphony",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.3.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Senstar"
              }
            ]
          }
        },
        "credit": "Joachim Kerschbaumer (@joachimk)",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502: Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1080/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2020-17405",
    "datePublished": "2020-09-01T18:00:16.000Z",
    "dateReserved": "2020-08-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:53:17.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15244 (GCVE-0-2020-15244)

Vulnerability from cvelistv5 – Published: 2020-10-21 20:05 – Updated: 2024-08-04 13:08
VLAI
Title
RCE in Magento
Summary
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
CWE
  • CWE-502 - Deserialization of Untrusted Data
  • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
Vendor Product Version
OpenMage magento-lts Affected: < 19.4.8
Affected: >= 20.0.0, < 20.0.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:23.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "magento-lts",
          "vendor": "OpenMage",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 19.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0, \u003c 20.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-21T20:05:20.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
        }
      ],
      "source": {
        "advisory": "GHSA-jrgf-vfw2-hj26",
        "discovery": "UNKNOWN"
      },
      "title": "RCE in Magento",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15244",
          "STATE": "PUBLIC",
          "TITLE": "RCE in Magento"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "magento-lts",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 19.4.8"
                          },
                          {
                            "version_value": "\u003e= 20.0.0, \u003c 20.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenMage"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502 Deserialization of Untrusted Data"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26",
              "refsource": "CONFIRM",
              "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26"
            },
            {
              "name": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b",
              "refsource": "MISC",
              "url": "https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-jrgf-vfw2-hj26",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15244",
    "datePublished": "2020-10-21T20:05:20.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:23.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15188 (GCVE-0-2020-15188)

Vulnerability from cvelistv5 – Published: 2020-09-18 17:05 – Updated: 2024-08-04 13:08
VLAI
Title
Unauthenticated Remote Code Execution in SOY CMS
Summary
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
CWE
  • CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
Assigner
Impacted products
Vendor Product Version
inunosinsi soycms Affected: < 3.0.2.328
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/inunosinsi/soycms/issues/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "soycms",
          "vendor": "inunosinsi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.2.328"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-18T17:05:18.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/inunosinsi/soycms/issues/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
        }
      ],
      "source": {
        "advisory": "GHSA-hrrx-m22r-p9jp",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Remote Code Execution in SOY CMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15188",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated Remote Code Execution in SOY CMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "soycms",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.0.2.328"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "inunosinsi"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp",
              "refsource": "CONFIRM",
              "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"
            },
            {
              "name": "https://github.com/inunosinsi/soycms/issues/10",
              "refsource": "MISC",
              "url": "https://github.com/inunosinsi/soycms/issues/10"
            },
            {
              "name": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020",
              "refsource": "MISC",
              "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"
            },
            {
              "name": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU\u0026feature=youtu.be"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hrrx-m22r-p9jp",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15188",
    "datePublished": "2020-09-18T17:05:18.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15172 (GCVE-0-2020-15172)

Vulnerability from cvelistv5 – Published: 2020-09-15 18:45 – Updated: 2024-08-04 13:08
VLAI
Title
Remote Code Execution in Act module
Summary
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible.
CWE
  • CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
Assigner
References
Impacted products
Vendor Product Version
zephyrkul FluffyCogs Affected: < 2.0.38
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FluffyCogs",
          "vendor": "zephyrkul",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.38"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-15T18:45:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347"
        }
      ],
      "source": {
        "advisory": "GHSA-rm7m-j4xp-rv2p",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in Act module",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15172",
          "STATE": "PUBLIC",
          "TITLE": "Remote Code Execution in Act module"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FluffyCogs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.0.38"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zephyrkul"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with `unload act` can render this exploit inaccessible."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p",
              "refsource": "CONFIRM",
              "url": "https://github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p"
            },
            {
              "name": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347",
              "refsource": "MISC",
              "url": "https://github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-rm7m-j4xp-rv2p",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15172",
    "datePublished": "2020-09-15T18:45:13.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15148 (GCVE-0-2020-15148)

Vulnerability from cvelistv5 – Published: 2020-09-15 18:25 – Updated: 2024-08-04 13:08
VLAI
Title
Unsafe deserialization in Yii 2
Summary
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
CWE
  • CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
Assigner
References
Impacted products
Vendor Product Version
yiisoft yii2 Affected: < 2.0.38
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:21.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "yii2",
          "vendor": "yiisoft",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.38"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-15T18:25:12.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99"
        }
      ],
      "source": {
        "advisory": "GHSA-699q-wcff-g9mj",
        "discovery": "UNKNOWN"
      },
      "title": "Unsafe deserialization in Yii 2",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15148",
          "STATE": "PUBLIC",
          "TITLE": "Unsafe deserialization in Yii 2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "yii2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.0.38"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "yiisoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj",
              "refsource": "CONFIRM",
              "url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj"
            },
            {
              "name": "https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99",
              "refsource": "MISC",
              "url": "https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-699q-wcff-g9mj",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15148",
    "datePublished": "2020-09-15T18:25:12.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:21.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15098 (GCVE-0-2020-15098)

Vulnerability from cvelistv5 – Published: 2020-07-29 16:15 – Updated: 2024-08-04 13:08
VLAI
Title
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Summary
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
CWE
  • CWE-325 - Missing Required Cryptographic Step
  • CWE-20 - Improper Input Validation
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Impacted products
Vendor Product Version
TYPO3 TYPO3 CMS Affected: >= 9.0.0, < 9.5.20
Affected: >= 10.0.0, 10.4.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:21.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TYPO3 CMS",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, 10.4.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "CWE-325: Missing Required Cryptographic Step",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T16:15:24.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
        }
      ],
      "source": {
        "advisory": "GHSA-m5vr-3m74-jwxp",
        "discovery": "UNKNOWN"
      },
      "title": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15098",
          "STATE": "PUBLIC",
          "TITLE": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TYPO3 CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 9.0.0, \u003c 9.5.20"
                          },
                          {
                            "version_value": "\u003e= 10.0.0, 10.4.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TYPO3"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization \u0026 remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-325: Missing Required Cryptographic Step"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502: Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp",
              "refsource": "CONFIRM",
              "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
            },
            {
              "name": "https://typo3.org/security/advisory/typo3-core-sa-2016-013",
              "refsource": "MISC",
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
            },
            {
              "name": "https://typo3.org/security/advisory/typo3-core-sa-2020-008",
              "refsource": "MISC",
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
            },
            {
              "name": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1",
              "refsource": "MISC",
              "url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-m5vr-3m74-jwxp",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15098",
    "datePublished": "2020-07-29T16:15:25.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:21.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15086 (GCVE-0-2020-15086)

Vulnerability from cvelistv5 – Published: 2020-07-29 16:15 – Updated: 2024-08-04 13:08
VLAI
Title
Potential Remote Code Execution in TYPO3 with mediace extension
Summary
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
CWE
  • CWE-20 - {"CWE-20":"Improper Input Validation"}
  • CWE-325 - {"CWE-325":"Missing Required Cryptographic Step"}
  • CWE-502 - {"CWE-502":"Deserialization of Untrusted Data"}
  • CWE-200 - Information Exposure
Assigner
Impacted products
Vendor Product Version
FriendsOfTYPO3 mediace Affected: >= 7.6.2, < 7.6.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:21.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediace",
          "vendor": "FriendsOfTYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.6.2, \u003c 7.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "{\"CWE-20\":\"Improper Input Validation\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "{\"CWE-325\":\"Missing Required Cryptographic Step\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T16:15:30.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
        }
      ],
      "source": {
        "advisory": "GHSA-4h44-w6fm-548g",
        "discovery": "UNKNOWN"
      },
      "title": "Potential Remote Code Execution in TYPO3 with mediace extension",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15086",
          "STATE": "PUBLIC",
          "TITLE": "Potential Remote Code Execution in TYPO3 with mediace extension"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mediace",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 7.6.2, \u003c 7.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FriendsOfTYPO3"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In TYPO3 installations with the \"mediace\" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the \"mediace\" extension for TYPO3."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-20\":\"Improper Input Validation\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-325\":\"Missing Required Cryptographic Step\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g",
              "refsource": "CONFIRM",
              "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75",
              "refsource": "MISC",
              "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
            },
            {
              "name": "https://github.com/FriendsOfTYPO3/mediace/pull/31",
              "refsource": "MISC",
              "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4h44-w6fm-548g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15086",
    "datePublished": "2020-07-29T16:15:30.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:21.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12525 (GCVE-0-2020-12525)

Vulnerability from cvelistv5 – Published: 2021-01-22 19:01 – Updated: 2024-09-16 23:11
VLAI
Title
WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
Summary
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
M&M Software fdtCONTAINER Component Affected: unspecified , < 3.5 (custom)
Affected: 3.5 , < 3.5.20304.x (custom)
Affected: 3.6 , < 3.6.20304.x (custom)
Create a notification for this product.
M&M Software fdtCONTAINER Application Affected: unspecified , < 4.5 (custom)
Affected: 4.5 , < 4.5.20304.x (custom)
Affected: 4.6 , < 4.6.20304.x (custom)
Create a notification for this product.
M&M Software dtmlINSPECTOR Affected: 3
Create a notification for this product.
Pepperl+Fuchs/PACTware PACTware Affected: unspecified , ≤ 5.0.5.31 (custom)
Create a notification for this product.
Weidmüller WI Manager Affected: unspecified , ≤ 2.5.1 (custom)
Create a notification for this product.
Date Public
2021-01-14 00:00
Credits
Reported by a customer of the fdtCONTAINER component. Coordinated by CERT@VDE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fdtCONTAINER Component",
          "vendor": "M\u0026M Software",
          "versions": [
            {
              "lessThan": "3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.20304.x",
              "status": "affected",
              "version": "3.5",
              "versionType": "custom"
            },
            {
              "lessThan": "3.6.20304.x",
              "status": "affected",
              "version": "3.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "fdtCONTAINER Application",
          "vendor": "M\u0026M Software",
          "versions": [
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.20304.x",
              "status": "affected",
              "version": "4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.20304.x",
              "status": "affected",
              "version": "4.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "dtmlINSPECTOR",
          "vendor": "M\u0026M Software",
          "versions": [
            {
              "status": "affected",
              "version": "3"
            }
          ]
        },
        {
          "product": "PACTware",
          "vendor": "Pepperl+Fuchs/PACTware",
          "versions": [
            {
              "lessThanOrEqual": "5.0.5.31",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "WI Manager",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "2.5.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by a customer of the fdtCONTAINER component. Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2021-01-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "M\u0026M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T14:58:35.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "M\u0026M Software provides two updated fdtCONTAINER component trees (3.6.20304.x \u003c 3.7 and \u003e= 3.7) see advisory https://cert.vde.com/en-us/advisories/vde-2020-048 for details."
        }
      ],
      "source": {
        "advisory": "VDE-2020-048",
        "defect": [
          "VDE-2020-048"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WAGO/M\u0026M Software Deserialization of untrusted data in fdtCONTAINER component",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-01-14T11:00:00.000Z",
          "ID": "CVE-2020-12525",
          "STATE": "PUBLIC",
          "TITLE": "WAGO/M\u0026M Software Deserialization of untrusted data in fdtCONTAINER component"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "fdtCONTAINER Component",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.5",
                            "version_value": "3.5.20304.x"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.6",
                            "version_value": "3.6.20304.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "fdtCONTAINER Application",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.5",
                            "version_value": "4.5.20304.x"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.6",
                            "version_value": "4.6.20304.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "dtmlINSPECTOR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "M\u0026M Software"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PACTware",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "5.0.5.31"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs/PACTware"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WI Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by a customer of the fdtCONTAINER component. Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "M\u0026M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502 Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "M\u0026M Software provides two updated fdtCONTAINER component trees (3.6.20304.x \u003c 3.7 and \u003e= 3.7) see advisory https://cert.vde.com/en-us/advisories/vde-2020-048 for details."
          }
        ],
        "source": {
          "advisory": "VDE-2020-048",
          "defect": [
            "VDE-2020-048"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12525",
    "datePublished": "2021-01-22T19:01:56.886Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:11:43.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12015 (GCVE-0-2020-12015)

Vulnerability from cvelistv5 – Published: 2020-07-16 21:30 – Updated: 2024-08-04 11:48
VLAI
Summary
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
Severity
No CVSS data available.
CWE
  • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
Assigner
References
Impacted products
Vendor Product Version
Mitsubishi Electric MC Works64 Affected: version 4.02C (10.95.208.31) and earlier
Affected: all versions
Create a notification for this product.
Mitsubishi Electric MC Works32 Affected: version 3.00A (9.50.255.02)
Create a notification for this product.
ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server Affected: version 10.96 and prior
Create a notification for this product.
ICONICS GenBroker32 Affected: version 9.5 and prior
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "version 10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "version 9.5 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T21:30:43.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-03"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02",
              "refsource": "CONFIRM",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-170-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12015",
    "datePublished": "2020-07-16T21:30:43.000Z",
    "dateReserved": "2020-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:48:57.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12009 (GCVE-0-2020-12009)

Vulnerability from cvelistv5 – Published: 2020-07-16 19:39 – Updated: 2024-09-16 23:00
VLAI
Summary
A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Severity
No CVSS data available.
CWE
  • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
Assigner
References
Impacted products
Date Public
2020-06-18 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MC Works64",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "4.02C (10.95.208.31) and earlier"
            },
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "MC Works32",
          "vendor": "Mitsubishi Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.00A (9.50.255.02)"
            }
          ]
        },
        {
          "product": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v10.96 and prior"
            }
          ]
        },
        {
          "product": "GenBroker32",
          "vendor": "ICONICS",
          "versions": [
            {
              "status": "affected",
              "version": "v9.5 and prior"
            }
          ]
        }
      ],
      "datePublic": "2020-06-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T19:39:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2020-06-18T15:00:00.000Z",
          "ID": "CVE-2020-12009",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MC Works64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.02C (10.95.208.31) and earlier"
                          },
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MC Works32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.00A (9.50.255.02)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mitsubishi Electric"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GenBroker64, Platform Services, Workbench, FrameWorX Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v10.96 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GenBroker32",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v9.5 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICONICS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-02"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-03"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12009",
    "datePublished": "2020-07-16T19:39:24.072Z",
    "dateReserved": "2020-04-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:00:29.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.