Common Weakness Enumeration

CWE-552

Allowed

Files or Directories Accessible to External Parties

Abstraction: Base · Status: Draft

The product makes files or directories accessible to unauthorized actors, even though they should not be.

670 vulnerabilities reference this CWE, most recent first.

CVE-2024-7729 (GCVE-0-2024-7729)

Vulnerability from cvelistv5 – Published: 2024-08-14 03:52 – Updated: 2024-08-16 15:46
VLAI
Title
CAYIN Technology CMS - Sensitive File Download
Summary
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
CAYIN Technology SMP-2100 Affected: 3.0
Create a notification for this product.
CAYIN Technology SMP-2200 Affected: 3.0 , ≤ 4.0 (custom)
Create a notification for this product.
CAYIN Technology SMP-2210 Affected: 3.0 , ≤ 4.0 (custom)
Create a notification for this product.
CAYIN Technology SMP-2300 Affected: 3.0 , ≤ 4.0 (custom)
Create a notification for this product.
CAYIN Technology SMP-2310 Affected: 3.0 , ≤ 4.0 (custom)
Create a notification for this product.
CAYIN Technology SMP-6000 Affected: 3.0
Create a notification for this product.
CAYIN Technology SMP-8000 Affected: 3.0
Create a notification for this product.
CAYIN Technology SMP-8000QD Affected: 3.0
Create a notification for this product.
CAYIN Technology CMS-20 Affected: 11.0
Create a notification for this product.
CAYIN Technology CMS-60 Affected: 11.0
Create a notification for this product.
CAYIN Technology CMS-SE Affected: 11.0
Create a notification for this product.
CAYIN Technology CMS-SE(18.04) Affected: 11.0
Create a notification for this product.
CAYIN Technology CMS-SE(22.04) Affected: 11.0
Create a notification for this product.
CAYIN Technology SMP-8100 Affected: 4.0
Create a notification for this product.
CAYIN Technology SMP-2400 Affected: 4.0
Create a notification for this product.
cayintech smp-2100 Affected: 3.0
    cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-2200 Affected: 3.0 , ≤ 4.0 (custom)
    cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-2210 Affected: 3.0 , ≤ 4.0 (custom)
    cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-2300 Affected: 3.0 , ≤ 4.0 (custom)
    cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-2310 Affected: 3.0 , ≤ 4.0 (custom)
    cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-6000 Affected: 3.0
    cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-8000 Affected: 3.0
    cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-8000qd Affected: 3.0
    cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech cms-20 Affected: 11.0
    cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech cms-60 Affected: 11.0
    cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech cms-se Affected: 11.0
    cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech cms-se\(18.04\) Affected: 11.0
    cpe:2.3:h:cayintech:cms-se\(18.04\):11.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech cms-se\(22.04\) Affected: 11.0
    cpe:2.3:h:cayintech:cms-se\(22.04\):11.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-8100 Affected: 4.0
    cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*
Create a notification for this product.
cayintech smp-2400 Affected: 4.0
    cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-14 03:29
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2100",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2200",
            "vendor": "cayintech",
            "versions": [
              {
                "lessThanOrEqual": "4.0",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2210",
            "vendor": "cayintech",
            "versions": [
              {
                "lessThanOrEqual": "4.0",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2300",
            "vendor": "cayintech",
            "versions": [
              {
                "lessThanOrEqual": "4.0",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2310",
            "vendor": "cayintech",
            "versions": [
              {
                "lessThanOrEqual": "4.0",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-6000",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-8000",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-8000qd",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "3.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms-20",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms-60",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms-se",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms-se\\(18.04\\)",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms-se\\(22.04\\)",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "11.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-8100",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smp-2400",
            "vendor": "cayintech",
            "versions": [
              {
                "status": "affected",
                "version": "4.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T15:25:14.308294Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T15:46:19.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2100",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2200",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "lessThanOrEqual": "4.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2210",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "lessThanOrEqual": "4.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2300",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "lessThanOrEqual": "4.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2310",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "lessThanOrEqual": "4.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-6000",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-8000",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-8000QD",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-20",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-60",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-SE",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-SE(18.04)",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMS-SE(22.04)",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-8100",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SMP-2400",
          "vendor": "CAYIN Technology",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        }
      ],
      "datePublic": "2024-08-14T03:29:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
            }
          ],
          "value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-497",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-497 File Discovery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T03:52:43.673Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://resource1.cayintech.com/patch/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24012 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2100 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-6000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000QD v3.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24006 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-20 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-60 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(18.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24007 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(22.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24008 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8100 v4.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24009 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2400 v4.0\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Install patch P24012 or later for following versions\uff1a\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions\uff1a\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions\uff1a\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions\uff1a\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions\uff1a\nSMP-2400 v4.0"
        }
      ],
      "source": {
        "advisory": "TVN-202408004",
        "discovery": "EXTERNAL"
      },
      "title": "CAYIN Technology CMS - Sensitive File Download",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-7729",
    "datePublished": "2024-08-14T03:52:43.673Z",
    "dateReserved": "2024-08-13T06:08:30.865Z",
    "dateUpdated": "2024-08-16T15:46:19.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7107 (GCVE-0-2024-7107)

Vulnerability from cvelistv5 – Published: 2024-09-26 12:02 – Updated: 2026-06-03 11:36
VLAI
Title
Directory Traversal in National Keep's CyberMath
Summary
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
National Keep Cyber Security Services CyberMath Affected: 0 , < CYBM.240816253 (custom)
Create a notification for this product.
Credits
Serhat YAPICI
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T12:59:23.837947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T12:59:32.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CyberMath",
          "vendor": "National Keep Cyber Security Services",
          "versions": [
            {
              "lessThan": "CYBM.240816253",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Serhat YAPICI"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects CyberMath: before CYBM.240816253.\u003c/p\u003e"
            }
          ],
          "value": "Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.\n\nThis issue affects CyberMath: before CYBM.240816253."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-150",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-150 Collect Data from Common Resource Locations"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T11:36:41.140Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1549"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1549"
        }
      ],
      "source": {
        "advisory": "TR-24-1549",
        "defect": [
          "TR-24-1549"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Directory Traversal in National Keep\u0027s CyberMath",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-7107",
    "datePublished": "2024-09-26T12:02:41.541Z",
    "dateReserved": "2024-07-25T13:01:03.362Z",
    "dateUpdated": "2026-06-03T11:36:41.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6911 (GCVE-0-2024-6911)

Vulnerability from cvelistv5 – Published: 2024-07-22 20:44 – Updated: 2025-02-13 17:58
VLAI
Title
Unauthenticated Local File Inclusion
Summary
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Vendor Product Version
PerkinElmer ProcessPlus Affected: 0 , ≤ 1.11.6507.0 (custom)
Create a notification for this product.
perkin_elmer process_plus Affected: 0 , ≤ 1.11.6507.0 (custom)
    cpe:2.3:a:perkin_elmer:process_plus:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
S. Dietz (CyberDanube) T. Weber (CyberDanube)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:perkin_elmer:process_plus:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "process_plus",
            "vendor": "perkin_elmer",
            "versions": [
              {
                "lessThanOrEqual": "1.11.6507.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6911",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T13:09:10.592161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T13:11:17.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "ProcessPlus",
          "vendor": "PerkinElmer",
          "versions": [
            {
              "lessThanOrEqual": "1.11.6507.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "S. Dietz (CyberDanube)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "T. Weber (CyberDanube)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.\u003cp\u003eThis issue affects ProcessPlus: through 1.11.6507.0.\u003c/p\u003e"
            }
          ],
          "value": "Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-139",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-139 Relative Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T20:55:10.509Z",
        "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "shortName": "CyberDanube"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/13"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Install the patched version 2.0.0."
            }
          ],
          "value": "Install the patched version 2.0.0."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Local File Inclusion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
    "assignerShortName": "CyberDanube",
    "cveId": "CVE-2024-6911",
    "datePublished": "2024-07-22T20:44:30.475Z",
    "dateReserved": "2024-07-19T08:59:58.455Z",
    "dateUpdated": "2025-02-13T17:58:00.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6878 (GCVE-0-2024-6878)

Vulnerability from cvelistv5 – Published: 2024-09-18 14:55 – Updated: 2026-06-03 12:09
VLAI
Title
Directory Browsing in Eliz Software's Panel
Summary
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Eliz Software Panel Affected: 0 , < v2.3.24 (custom)
Create a notification for this product.
eliz_software panel Affected: 0 , < v2.3.24 (custom)
    cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Serhat YAPICI
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "panel",
            "vendor": "eliz_software",
            "versions": [
              {
                "lessThan": "v2.3.24",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:53:07.753591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:58:13.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Panel",
          "vendor": "Eliz Software",
          "versions": [
            {
              "lessThan": "v2.3.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Serhat YAPICI"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Panel: before v2.3.24.\u003c/p\u003e"
            }
          ],
          "value": "Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.\n\nThis issue affects Panel: before v2.3.24."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-150",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-150 Collect Data from Common Resource Locations"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T12:09:38.557Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1497"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1497"
        }
      ],
      "source": {
        "advisory": "TR-24-1497",
        "defect": [
          "TR-24-1497"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Directory Browsing in Eliz Software\u0027s Panel",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-6878",
    "datePublished": "2024-09-18T14:55:24.769Z",
    "dateReserved": "2024-07-18T09:00:28.879Z",
    "dateUpdated": "2026-06-03T12:09:38.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6421 (GCVE-0-2024-6421)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:36 – Updated: 2025-08-22 07:00
VLAI
Title
Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products
Summary
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Pepperl+Fuchs OIT1500-F113-B12-CB Affected: 0 , ≤ V2.11.0 (semver)
Create a notification for this product.
Pepperl+Fuchs OIT200-F113-B12-CB Affected: 0 , ≤ V2.11.0 (semver)
Create a notification for this product.
Pepperl+Fuchs OIT500-F113-B12-CB Affected: 0 , ≤ V2.11.0 (semver)
Create a notification for this product.
Pepperl+Fuchs OIT700-F113-B12-CB Affected: 0 , ≤ V2.11.0 (semver)
Create a notification for this product.
pepperl-fuchs oit1500-f113-b12-cb_firmware Affected: 0 , ≤ V2.11.0 (semver)
    cpe:2.3:o:pepperl-fuchs:oit1500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
pepperl-fuchs oit200-f113-b12-cb_firmware Affected: 0 , ≤ V2.11.0 (semver)
    cpe:2.3:o:pepperl-fuchs:oit200-f113-b12-cb_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
pepperl-fuchs oit500-f113-b12-cb_firmware Affected: 0 , ≤ V2.11.0 (semver)
    cpe:2.3:o:pepperl-fuchs:oit500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
pepperl-fuchs oit700-f113-b12-cb_firmware Affected: 0 , ≤ V2.11.0 (semver)
    cpe:2.3:o:pepperl-fuchs:oit700-f113-b12-cb_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
BMW AG
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:pepperl-fuchs:oit1500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "oit1500-f113-b12-cb_firmware",
            "vendor": "pepperl-fuchs",
            "versions": [
              {
                "lessThanOrEqual": "V2.11.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:pepperl-fuchs:oit200-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "oit200-f113-b12-cb_firmware",
            "vendor": "pepperl-fuchs",
            "versions": [
              {
                "lessThanOrEqual": "V2.11.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:pepperl-fuchs:oit500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "oit500-f113-b12-cb_firmware",
            "vendor": "pepperl-fuchs",
            "versions": [
              {
                "lessThanOrEqual": "V2.11.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:pepperl-fuchs:oit700-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "oit700-f113-b12-cb_firmware",
            "vendor": "pepperl-fuchs",
            "versions": [
              {
                "lessThanOrEqual": "V2.11.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6421",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T14:15:26.548063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T14:33:22.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2024-038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OIT1500-F113-B12-CB",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "V2.11.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OIT200-F113-B12-CB",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "V2.11.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OIT500-F113-B12-CB",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "V2.11.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OIT700-F113-B12-CB",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "V2.11.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "BMW AG"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
            }
          ],
          "value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T07:00:50.289Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-038"
        }
      ],
      "source": {
        "advisory": "VDE-2024-038",
        "defect": [
          "CERT@VDE#641655"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-6421",
    "datePublished": "2024-07-10T07:36:52.119Z",
    "dateReserved": "2024-07-01T07:38:21.490Z",
    "dateUpdated": "2025-08-22T07:00:50.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6209 (GCVE-0-2024-6209)

Vulnerability from cvelistv5 – Published: 2024-07-05 11:10 – Updated: 2024-12-05 12:13
VLAI
Title
unauthorized file access
Summary
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
ABB
Impacted products
Vendor Product Version
ABB ASPECT-Enterprise Affected: 0 , ≤ 3.08.01 (custom)
Create a notification for this product.
ABB NEXUS Series Affected: 0 , ≤ 3.08.01 (custom)
Create a notification for this product.
ABB MATRIX Series Affected: 0 , ≤ 3.08.01 (custom)
Create a notification for this product.
abb aspect-ent-2_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-96_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-a_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-f_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-g_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-a_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-f_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-g_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-3-2128_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-3-264_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-11_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-216_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-232_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-264_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-12_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-256_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-296_firmware Affected: 0 , < 3.08.01 (custom)
    cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-2_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-2_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-96_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-96_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-a_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-a_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-f_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-f_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-g_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-a_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264-a_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-f_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264-f_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nexus-264-g_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-3-2128_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-3-2128_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-3-264_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-3-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-11_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-11_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-216_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-216_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-232_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-232_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-264_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-12_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-12_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-256_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-256_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-296_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-296_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.08.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T17:24:31.125468Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:24:44.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.39956449.23035250.1719878527-141379670.1701144964"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "ASPECT-Enterprise",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.08.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NEXUS Series",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.08.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "MATRIX Series",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.08.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized\u0026nbsp;"
            }
          ],
          "value": "Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series\n\n v3.08.01\n\n; MATRIX Series \n\n v3.08.01 allows Attacker to access files unauthorized"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "IRRECOVERABLE",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:I/V:C/RE:H/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T12:13:47.544Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "unauthorized file access",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-6209",
    "datePublished": "2024-07-05T11:10:05.458Z",
    "dateReserved": "2024-06-20T16:27:24.196Z",
    "dateUpdated": "2024-12-05T12:13:47.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5587 (GCVE-0-2024-5587)

Vulnerability from cvelistv5 – Published: 2024-06-02 10:00 – Updated: 2024-08-20 13:47
VLAI
Title
Casdoor Configuration File app.conf file access
Summary
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible
Assigner
References
Impacted products
Vendor Product Version
n/a Casdoor Affected: 1.335
casbin casdoor Affected: 0 , ≤ 1.335 (custom)
    cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
XbnWa (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-266838 | Casdoor Configuration File app.conf file access",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.266838"
          },
          {
            "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.266838"
          },
          {
            "name": "Submit #343357 | https://casdoor.org/ Casdoor \u003c= v1.335.0 Unprotected Confidential Information on Device is Accessible by",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.343357"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "casdoor",
            "vendor": "casbin",
            "versions": [
              {
                "lessThanOrEqual": "1.335",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5587",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T13:43:22.313467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T13:47:48.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Configuration File Handler"
          ],
          "product": "Casdoor",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.335"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "XbnWa (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in Casdoor bis 1.335.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /conf/app.conf der Komponente Configuration File Handler. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-02T10:00:07.703Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-266838 | Casdoor Configuration File app.conf file access",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.266838"
        },
        {
          "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.266838"
        },
        {
          "name": "Submit #343357 | https://casdoor.org/ Casdoor \u003c= v1.335.0 Unprotected Confidential Information on Device is Accessible by",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.343357"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-01T19:21:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Casdoor Configuration File app.conf file access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-5587",
    "datePublished": "2024-06-02T10:00:07.703Z",
    "dateReserved": "2024-06-01T17:15:45.189Z",
    "dateUpdated": "2024-08-20T13:47:48.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5262 (GCVE-0-2024-5262)

Vulnerability from cvelistv5 – Published: 2024-06-05 04:00 – Updated: 2024-08-01 21:11
VLAI
Title
ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties
Summary
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
ProjectDiscovery Interactsh Affected: v0.0.6 , ≤ v1.1.9 (custom)
Create a notification for this product.
projectdiscovery interactsh Affected: 0.0.6 , ≤ 1.1.9 (custom)
    cpe:2.3:a:projectdiscovery:interactsh:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-05 04:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:projectdiscovery:interactsh:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "interactsh",
            "vendor": "projectdiscovery",
            "versions": [
              {
                "lessThanOrEqual": "1.1.9",
                "status": "affected",
                "version": "0.0.6",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T13:49:50.112559Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T13:51:58.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:11:11.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://zuso.ai/advisory/za-2024-01"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/projectdiscovery/interactsh/pull/874"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Interactsh",
          "vendor": "ProjectDiscovery",
          "versions": [
            {
              "lessThanOrEqual": "v1.1.9",
              "status": "affected",
              "version": "v0.0.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-06-05T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login."
            }
          ],
          "value": "Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-05T04:00:31.273Z",
        "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
        "shortName": "ZUSO ART"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://zuso.ai/advisory/za-2024-01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/projectdiscovery/interactsh/pull/874"
        }
      ],
      "source": {
        "defect": [
          "ZA-2024-01"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
    "assignerShortName": "ZUSO ART",
    "cveId": "CVE-2024-5262",
    "datePublished": "2024-06-05T04:00:31.273Z",
    "dateReserved": "2024-05-23T08:04:35.538Z",
    "dateUpdated": "2024-08-01T21:11:11.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5056 (GCVE-0-2024-5056)

Vulnerability from cvelistv5 – Published: 2024-06-12 12:10 – Updated: 2024-08-01 21:03
VLAI
Summary
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:schneider-electric:modicom_m340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modicom_m340_firmware",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modicom_m340",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T14:14:02.243238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T14:17:06.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Network module, Modicon M340, Modbus/TCP BMXNOE0100",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Network module, Modicon M340, Ethernet TCP/IP BMXNOE0110",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nCWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem.\n\n"
            }
          ],
          "value": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T12:10:43.250Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-5056",
    "datePublished": "2024-06-12T12:10:43.250Z",
    "dateReserved": "2024-05-17T10:06:08.565Z",
    "dateUpdated": "2024-08-01T21:03:10.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5045 (GCVE-0-2024-5045)

Vulnerability from cvelistv5 – Published: 2024-05-17 12:31 – Updated: 2024-08-01 21:03
VLAI
Title
SourceCodester Online Birth Certificate Management System admin file access
Summary
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible
Assigner
References
Impacted products
Credits
HuoMingZ (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5045",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T19:31:15.488826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:31:23.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-264742 | SourceCodester Online Birth Certificate Management System admin file access",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.264742"
          },
          {
            "name": "VDB-264742 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.264742"
          },
          {
            "name": "Submit #335384 | sourcecodeste Online Birth Certificate Management System 1.0 Directory traversal attack",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.335384"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Birth Certificate Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "HuoMingZ (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In SourceCodester Online Birth Certificate Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T12:31:03.558Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-264742 | SourceCodester Online Birth Certificate Management System admin file access",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.264742"
        },
        {
          "name": "VDB-264742 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.264742"
        },
        {
          "name": "Submit #335384 | sourcecodeste Online Birth Certificate Management System 1.0 Directory traversal attack",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.335384"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-05-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-05-17T07:53:32.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Online Birth Certificate Management System admin file access"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-5045",
    "datePublished": "2024-05-17T12:31:03.558Z",
    "dateReserved": "2024-05-17T05:48:29.413Z",
    "dateUpdated": "2024-08-01T21:03:10.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

CAPEC-150: Collect Data from Common Resource Locations

An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.

CAPEC-639: Probe System Files

An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.