CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2024-7408 (GCVE-0-2024-7408)
Vulnerability from cvelistv5 – Published: 2024-08-09 10:40 – Updated: 2024-08-09 15:14
CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Airveda | Air Quality Monitor PM2.5 PM10 | Affected: 0 , < 7.4.4.39 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:14:02.118389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:14:15.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Air Quality Monitor PM2.5 PM10",
"vendor": "Airveda",
"versions": [
{
"lessThan": "7.4.4.39",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anand Agrawal and Dr. Rajib Ranjan Maiti from BITS-Pilani, Hyderabad Campus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP.\n\nSuccessful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-65",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-65 Sniff Application Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T10:40:54.953Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0233"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to patched version 7.4.4.39\u003cbr\u003e"
}
],
"value": "Upgrade to patched version 7.4.4.39"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in Airveda Air Quality Monitor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-7408",
"datePublished": "2024-08-09T10:40:54.953Z",
"dateReserved": "2024-08-02T10:47:10.549Z",
"dateUpdated": "2024-08-09T15:14:15.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8013 (GCVE-0-2024-8013)
Vulnerability from cvelistv5 – Published: 2024-10-28 12:58 – Updated: 2024-10-28 13:39
CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc | mongocryptd | Affected: 5.0 , < 5.0.29 (custom); Affected: 6.0 , < 6.0.17 (custom); Affected: 7.0 , < 7.012 (custom); Affected: 7.3 , < 7.3.4 (custom) | |
| MongoDB Inc | Mongo_crypt_v1.so | Affected: 6.0 , < 6.0.17 (custom); Affected: 7.0 , < 7.0.12 (custom); Affected: 7.3 , < 7.3.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:39:18.972061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:39:31.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mongocryptd",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "5.0.29",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "6.0.17",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "7.012",
"status": "affected",
"version": "7.0",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mongo_crypt_v1.so",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "6.0.17",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0",
"versionType": "custom"
},
{
"lessThan": "7.3.4",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-28T12:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior t\u003c/span\u003eo 5.0.29, v\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T12:58:05.317Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-96254"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-8013",
"datePublished": "2024-10-28T12:58:05.317Z",
"dateReserved": "2024-08-20T15:39:32.550Z",
"dateUpdated": "2024-10-28T13:39:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8059 (GCVE-0-2024-8059)
Vulnerability from cvelistv5 – Published: 2024-09-13 17:27 – Updated: 2024-09-13 17:55
CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | HX5530 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX7530 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | ST250 V3 (ThinkSystem) XCC | Affected: 0 , < 3.10 CTX318G (custom) | |
| Lenovo | VX3331 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX Enclosure Certified Node (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | HX1021 Edge Certified Node 3yr (ThinkAgile) XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | HX1320 Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX1321 Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX1331 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX1520-R Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX1521-R Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX2320-E Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX2321 Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX2330 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX2331 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX2720-E Appliance (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | HX3320 Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX3321 Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX3330 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX3331 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX3331 Node SAP HANA (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX3375 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.80 D8BT66D (custom) | |
| Lenovo | HX3376 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.80 D8BT66D (custom) | |
| Lenovo | HX3520-G Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX3521-G Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX3720 Appliance (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | HX3721 Certified Node (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | HX5520 Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX5520-C Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX5521 Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX5521-C Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX5531 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX7520 Appliance (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX7521 Certified Node (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | HX7530 Appl for SAP HANA (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX7531 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX7531 Node SAP HANA (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | HX7820 Appliance (ThinkAgile) XCC | Affected: 0 , < 3.20 PSI356B (custom) | |
| Lenovo | HX7821 Certified Node (ThinkAgile) XCC | Affected: 0 , < 3.20 PSI356B (custom) | |
| Lenovo | MX Edge Appliance - MX1020 (ThinkAgile) XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | MX3330-F All-flash Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3330-H Hybrid Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3331-F All-flash Certified node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3331-H Hybrid Certified node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3530 F All flash Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3530-H Hybrid Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3531 H Hybrid Certified node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | MX3531-F All-flash Certified node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | P920 Rack Workstation (ThinkStation) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SD530 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SD530 V3 (ThinkSystem) XCC | Affected: 0 , < 1.20 USX364F (custom) | |
| Lenovo | SD550 V3 (ThinkSystem) XCC | Affected: 0 , < 1.20 USX364F (custom) | |
| Lenovo | SD630 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SD650 DWC Dual Node Tray (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SD650 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SD650 V3 (ThinkSystem) XCC | Affected: 0 , < 7.10 USX358F (custom) | |
| Lenovo | SD650-N V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SD665 V3 (ThinkSystem) XCC | Affected: 0 , < 7.10 QGX344G (custom) | |
| Lenovo | SE350 (ThinkSystem) XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | SE350 V2 (ThinkEdge) XCC | Affected: 0 , < 4.10 IYX330J (custom) | |
| Lenovo | SE360 V2 (ThinkEdge) XCC | Affected: 0 , < 4.10 IYX330J (custom) | |
| Lenovo | SE450 (ThinkEdge) XCC | Affected: 0 , < 4.10 USX360F (custom) | |
| Lenovo | SE455 V3 (ThinkEdge) XCC | Affected: 0 , < 4.10 MBX312K (custom) | |
| Lenovo | SN550 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SN550 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SN850 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR150 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR158 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR250 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR250 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SR250 V3 (ThinkSystem) XCC | Affected: 0 , < 3.10 CTX318G (custom) | |
| Lenovo | SR258 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR258 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SR258 V3 (ThinkSystem) XCC | Affected: 0 , < 3.10 CTX318G (custom) | |
| Lenovo | SR530 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR550 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR570 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR590 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR630 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR630 V2 (ThinkSystem) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | SR630 V3 (ThinkSystem) XCC | Affected: 0 , < 5.50 ESX334M (custom) | |
| Lenovo | SR635 V3 (ThinkSystem) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | SR645 (ThinkSystem) XCC | Affected: 0 , < 5.80 D8BT66D (custom) | |
| Lenovo | SR645 V3 (ThinkSystem) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | SR650 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | SR650 V2 (ThinkSystem) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | SR650 V3 (ThinkSystem) XCC | Affected: 0 , < 5.50 ESX334M (custom) | |
| Lenovo | SR655 V3 (ThinkSystem) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | SR665 (ThinkSystem) XCC | Affected: 0 , < 5.80 D8BT66D (custom) | |
| Lenovo | SR665 V3 (ThinkSystem) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | SR670 (ThinkSystem) XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | SR670 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SR675 V3 (ThinkSystem) XCC | Affected: 0 , < 7.10 QGX344G (custom) | |
| Lenovo | SR850 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR850 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SR850 V3 (ThinkSystem) XCC | Affected: 0 , < 5.10 RSX314G (custom) | |
| Lenovo | SR850P (ThinkSystem) XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | SR860 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | SR860 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | SR860 V3 (ThinkSystem) XCC | Affected: 0 , < 5.10 RSX314G (custom) | |
| Lenovo | SR950 (ThinkSystem) XCC | Affected: 0 , < 3.20 PSI356B (custom) | |
| Lenovo | SR950 V3 (ThinkSystem) XCC | Affected: 0 , < 4.10 EBX310F (custom) | |
| Lenovo | ST250 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | ST250 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | ST258 (ThinkSystem) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | ST258 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | ST258 V3 (ThinkSystem) XCC | Affected: 0 , < 3.10 CTX318G (custom) | |
| Lenovo | ST550 (ThinkSystem) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | ST650 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | ST650 V3 (ThinkSystem) XCC | Affected: 0 , < 7.10 USX358F (custom) | |
| Lenovo | ST658 V2 (ThinkSystem) XCC | Affected: 0 , < 4.12 TGBT52D (custom) | |
| Lenovo | ST658 V3 (ThinkSystem) XCC | Affected: 0 , < 7.10 USX358F (custom) | |
| Lenovo | ThinkAgile MX1021 on SE350 XCC | Affected: 0 , < 4.12 TEI3E4D (custom) | |
| Lenovo | VX 1SE Certified Node (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | VX 2U4N Certified Node (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | VX 4U Certified Node (ThinkAgile) XCC | Affected: 0 , < 3.20 PSI356B (custom) | |
| Lenovo | VX1320 (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | VX2320 (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX2330 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX3320 (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX3330 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX3520-G (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX3530-G Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX3720 (ThinkAgile) XCC | Affected: 0 , < 6.40 TEI3F3E (custom) | |
| Lenovo | VX5520 (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX5530 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX635 V3 Integrated System (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX645 V3 Certified Node (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX645 V3 Integrated System (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX655 V3 Certified Node (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX655 V3 Integrated System (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX665 V3 Certified Node (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX665 V3 Integrated System (ThinkAgile) XCC | Affected: 0 , < 3.50 KAX334N (custom) | |
| Lenovo | VX7320 N (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX7330 Appliance (Thinkagile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX7520 (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX7520 N (ThinkAgile) XCC | Affected: 0 , < 9.98 CDI3B4E (custom) | |
| Lenovo | VX7530 Appliance (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX7531 Certified Node (ThinkAgile) XCC | Affected: 0 , < 5.10 AFBT50F (custom) | |
| Lenovo | VX7820 (ThinkAgile) XCC | Affected: 0 , < 3.20 PSI356B (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:55:00.402704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:55:08.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HX5530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX Enclosure Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1021 Edge Certified Node 3yr (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1320 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1520-R Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX1521-R Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2320-E Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX2720-E Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3320 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3321 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3331 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3331 Node SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3375 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3376 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3520-G Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3521-G Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3720 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX3721 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5520 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5520-C Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5521 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5521-C Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX5531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7520 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7521 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7530 Appl for SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7531 Node SAP HANA (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7820 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HX7821 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX Edge Appliance - MX1020 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3330-F All-flash Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3330-H Hybrid Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3331-F All-flash Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3331-H Hybrid Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3530 F All flash Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3530-H Hybrid Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3531 H Hybrid Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MX3531-F All-flash Certified node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P920 Rack Workstation (ThinkStation) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD530 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD530 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.20 USX364F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD550 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.20 USX364F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD630 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 DWC Dual Node Tray (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD650-N V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD665 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 QGX344G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE350 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE350 V2 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 IYX330J",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE360 V2 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 IYX330J",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE450 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 USX360F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SE455 V3 (ThinkEdge) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 MBX312K",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN550 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN850 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR150 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR158 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR250 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR258 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR530 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR570 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR590 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR630 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.50 ESX334M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR635 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR645 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR645 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.50 ESX334M",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR655 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR665 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.80 D8BT66D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR665 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR670 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR670 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR675 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 QGX344G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 RSX314G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR850P (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR860 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 RSX314G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR950 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SR950 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.10 EBX310F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST250 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST258 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.10 CTX318G",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST550 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST650 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST650 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST658 V2 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TGBT52D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST658 V3 (ThinkSystem) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "7.10 USX358F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinkAgile MX1021 on SE350 XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.12 TEI3E4D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 1SE Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 2U4N Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX 4U Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX1320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX2320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX2330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3320 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3330 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3520-G (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3530-G Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX3720 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "6.40 TEI3F3E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX5520 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX5530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX635 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX645 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX645 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX655 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX655 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX665 V3 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX665 V3 Integrated System (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.50 KAX334N",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7320 N (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7330 Appliance (Thinkagile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7520 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7520 N (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.98 CDI3B4E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7530 Appliance (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7531 Certified Node (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.10 AFBT50F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VX7820 (ThinkAgile) XCC",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.20 PSI356B",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.\u003c/span\u003e"
}
],
"value": "IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:27:11.059Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-172051"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-172051\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-172051\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Update XClarity Controller to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-172051"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-8059",
"datePublished": "2024-09-13T17:27:11.059Z",
"dateReserved": "2024-08-21T18:21:35.109Z",
"dateUpdated": "2024-09-13T17:55:08.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9620 (GCVE-0-2024-9620)
Vulnerability from cvelistv5 – Published: 2024-10-08 16:25 – Updated: 2025-11-20 20:58
- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9620 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317129 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| | | Affected: 0 , < 2.4 (semver) | |
| Red Hat | Red Hat Ansible Automation Platform 2 | cpe:/a:redhat:ansible_automation_platform:2 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:42:34.191580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:43:09.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "affected",
"packageName": "event-driven-automation",
"versions": [
{
"lessThan": "2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "event_driven",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Enzo Ferreira (Red Hat)."
}
],
"datePublic": "2024-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:58:17.772Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-9620"
},
{
"name": "RHBZ#2317129",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317129"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-08T00:49:58.428Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-08T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption",
"x_redhatCweChain": "CWE-319: Cleartext Transmission of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-9620",
"datePublished": "2024-10-08T16:25:39.944Z",
"dateReserved": "2024-10-08T00:58:15.815Z",
"dateUpdated": "2025-11-20T20:58:17.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9834 (GCVE-0-2024-9834)
Vulnerability from cvelistv5 – Published: 2024-11-14 20:57 – Updated: 2024-11-15 15:10
- CWE-319 - Cleartext Transmission of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Baxter | Life2000 Ventilation System | Affected: 06.08.00.00 and prior | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "life2000_ventilator_firmware",
"vendor": "baxter",
"versions": [
{
"lessThanOrEqual": "06.08.00.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:09:40.431805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:10:40.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Life2000 Ventilation System",
"vendor": "Baxter",
"versions": [
{
"status": "affected",
"version": "06.08.00.00 and prior"
}
]
}
],
"datePublic": "2024-11-14T20:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.\u003cbr\u003e"
}
],
"value": "Improper data protection on the ventilator\u0027s serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
},
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T21:47:25.133Z",
"orgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"shortName": "Baxter"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper data protection on Life2000 ventilator serial interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dba971b9-eb30-4121-91e1-3b45611354aa",
"assignerShortName": "Baxter",
"cveId": "CVE-2024-9834",
"datePublished": "2024-11-14T20:57:22.734Z",
"dateReserved": "2024-10-10T19:24:48.834Z",
"dateUpdated": "2024-11-15T15:10:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0136 (GCVE-0-2025-0136)
Vulnerability from cvelistv5 – Published: 2025-05-14 18:12 – Updated: 2025-05-14 19:43
- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-0136 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Unaffected:
11.2.0
(custom)
Affected:
11.1.0 , < 11.1.5
(custom)
Affected:
11.0.0 , < 11.0.7
(custom)
Affected:
10.2.0 , < 10.2.11
(custom)
Affected:
10.1.0 , < 10.1.14-h14
(custom)
|
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T19:43:38.440941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:43:47.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.5",
"status": "unaffected"
}
],
"lessThan": "11.1.5",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.7",
"status": "unaffected"
}
],
"lessThan": "11.0.7",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.11",
"status": "unaffected"
}
],
"lessThan": "10.2.11",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.14-h14",
"status": "unaffected"
}
],
"lessThan": "10.1.14-h14",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "You can verify whether you configured AES-128-CCM by checking IPSec profiles on your \u200b\u200bx86_64 Intel platform based firewall (Network \u2192 Network Profiles \u2192 IPSec Crypto \u2192 Encryption \u2192 AES-128-CCM)."
}
],
"value": "You can verify whether you configured AES-128-CCM by checking IPSec profiles on your \u200b\u200bx86_64 Intel platform based firewall (Network \u2192 Network Profiles \u2192 IPSec Crypto \u2192 Encryption \u2192 AES-128-CCM)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benjamin Bai of Palo Alto Networks"
}
],
"datePublic": "2025-05-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS\u00ae firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.\u003cbr\u003e\u003cbr\u003eThis issue does not affect Cloud NGFWs, Prisma\u00ae Access instances, or PAN-OS VM-Series firewalls.\u003cbr\u003e\u003cbr\u003eNOTE: The AES-128-CCM encryption algorithm is not recommended for use."
}
],
"value": "Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS\u00ae firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec.\n\nThis issue does not affect Cloud NGFWs, Prisma\u00ae Access instances, or PAN-OS VM-Series firewalls.\n\nNOTE: The AES-128-CCM encryption algorithm is not recommended for use."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:12:14.153Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0136"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.1\u003c/td\u003e\u003ctd\u003e11.1.0 through 11.1.4\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.1.5 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 11.0\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e11.0.0 through 11.0.6\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 11.0.7 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\u003ctd\u003eUpgrade to 10.2.11 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e10.1.0 through 10.1.14\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eUpgrade to 10.1.14-h14 or later\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll other older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cbr\u003ePAN-OS 11.0 is EoL. We listed it in this section for completeness and because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 on any of your firewalls, though, we strongly recommend that you upgrade to a supported (non-EoL) fixed version.\u003c/p\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nPAN-OS 11.2\n\nNo action needed\nPAN-OS 11.111.1.0 through 11.1.4\nUpgrade to 11.1.5 or laterPAN-OS 11.0\n11.0.0 through 11.0.6\nUpgrade to 11.0.7 or later\nPAN-OS 10.2\n10.2.0 through 10.2.10Upgrade to 10.2.11 or laterPAN-OS 10.1\n10.1.0 through 10.1.14\nUpgrade to 10.1.14-h14 or later\nAll other older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\nPAN-OS 11.0 is EoL. We listed it in this section for completeness and because we added a patch for PAN-OS 11.0 before it reached EoL. If you are running PAN-OS 11.0 on any of your firewalls, though, we strongly recommend that you upgrade to a supported (non-EoL) fixed version."
}
],
"source": {
"defect": [
"PAN-250162"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-14T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConfigure IPSec Crypto encryption to an algorithm that meets current security standards, such as AES-256-GCM or AES-256-CBC, on PA 7500, PA 5400, PA 5400f, PA 3400, PA 1600, PA 1400, and PA 400 series hardware PAN-OS firewalls. For more information on configuring the IPSec Crypto Profiles see our \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-site-to-site-vpn/define-cryptographic-profiles/define-ipsec-crypto-profiles\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Configure IPSec Crypto encryption to an algorithm that meets current security standards, such as AES-256-GCM or AES-256-CBC, on PA 7500, PA 5400, PA 5400f, PA 3400, PA 1600, PA 1400, and PA 400 series hardware PAN-OS firewalls. For more information on configuring the IPSec Crypto Profiles see our documentation https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/set-up-site-to-site-vpn/define-cryptographic-profiles/define-ipsec-crypto-profiles ."
}
],
"x_affectedList": [
"PAN-OS 11.1.4-h18",
"PAN-OS 11.1.4-h17",
"PAN-OS 11.1.4-h15",
"PAN-OS 11.1.4-h13",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.4-h4",
"PAN-OS 11.1.4-h3",
"PAN-OS 11.1.4-h2",
"PAN-OS 11.1.4-h1",
"PAN-OS 11.1.4",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.3-h1",
"PAN-OS 11.1.3",
"PAN-OS 11.1.2-h18",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.2-h8",
"PAN-OS 11.1.2-h7",
"PAN-OS 11.1.2-h6",
"PAN-OS 11.1.2-h5",
"PAN-OS 11.1.2-h4",
"PAN-OS 11.1.2-h3",
"PAN-OS 11.1.2-h2",
"PAN-OS 11.1.2-h1",
"PAN-OS 11.1.2",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 11.0.6-h1",
"PAN-OS 11.0.6",
"PAN-OS 11.0.5-h2",
"PAN-OS 11.0.5-h1",
"PAN-OS 11.0.5",
"PAN-OS 11.0.4-h6",
"PAN-OS 11.0.4-h5",
"PAN-OS 11.0.4-h4",
"PAN-OS 11.0.4-h3",
"PAN-OS 11.0.4-h2",
"PAN-OS 11.0.4-h1",
"PAN-OS 11.0.4",
"PAN-OS 11.0.3-h13",
"PAN-OS 11.0.3-h12",
"PAN-OS 11.0.3-h11",
"PAN-OS 11.0.3-h10",
"PAN-OS 11.0.3-h9",
"PAN-OS 11.0.3-h8",
"PAN-OS 11.0.3-h7",
"PAN-OS 11.0.3-h6",
"PAN-OS 11.0.3-h5",
"PAN-OS 11.0.3-h4",
"PAN-OS 11.0.3-h3",
"PAN-OS 11.0.3-h2",
"PAN-OS 11.0.3-h1",
"PAN-OS 11.0.3",
"PAN-OS 11.0.2-h5",
"PAN-OS 11.0.2-h4",
"PAN-OS 11.0.2-h3",
"PAN-OS 11.0.2-h2",
"PAN-OS 11.0.2-h1",
"PAN-OS 11.0.2",
"PAN-OS 11.0.1-h5",
"PAN-OS 11.0.1-h4",
"PAN-OS 11.0.1-h3",
"PAN-OS 11.0.1-h2",
"PAN-OS 11.0.1-h1",
"PAN-OS 11.0.1",
"PAN-OS 11.0.0-h4",
"PAN-OS 11.0.0-h3",
"PAN-OS 11.0.0-h2",
"PAN-OS 11.0.0-h1",
"PAN-OS 11.0.0",
"PAN-OS 10.2.10-h18",
"PAN-OS 10.2.10-h17",
"PAN-OS 10.2.10-h14",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.10-h1",
"PAN-OS 10.2.10",
"PAN-OS 10.2.9-h21",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.9-h5",
"PAN-OS 10.2.9-h4",
"PAN-OS 10.2.9-h3",
"PAN-OS 10.2.9-h2",
"PAN-OS 10.2.9-h1",
"PAN-OS 10.2.9",
"PAN-OS 10.2.8-h21",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.8-h9",
"PAN-OS 10.2.8-h8",
"PAN-OS 10.2.8-h7",
"PAN-OS 10.2.8-h6",
"PAN-OS 10.2.8-h5",
"PAN-OS 10.2.8-h4",
"PAN-OS 10.2.8-h3",
"PAN-OS 10.2.8-h2",
"PAN-OS 10.2.8-h1",
"PAN-OS 10.2.8",
"PAN-OS 10.2.7-h24",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.7-h10",
"PAN-OS 10.2.7-h9",
"PAN-OS 10.2.7-h8",
"PAN-OS 10.2.7-h7",
"PAN-OS 10.2.7-h6",
"PAN-OS 10.2.7-h5",
"PAN-OS 10.2.7-h4",
"PAN-OS 10.2.7-h3",
"PAN-OS 10.2.7-h2",
"PAN-OS 10.2.7-h1",
"PAN-OS 10.2.7",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.4-h24",
"PAN-OS 10.2.4-h23",
"PAN-OS 10.2.4-h22",
"PAN-OS 10.2.4-h21",
"PAN-OS 10.2.4-h20",
"PAN-OS 10.2.4-h19",
"PAN-OS 10.2.4-h18",
"PAN-OS 10.2.4-h17",
"PAN-OS 10.2.4-h16",
"PAN-OS 10.2.4-h15",
"PAN-OS 10.2.4-h14",
"PAN-OS 10.2.4-h13",
"PAN-OS 10.2.4-h12",
"PAN-OS 10.2.4-h11",
"PAN-OS 10.2.4-h10",
"PAN-OS 10.2.4-h9",
"PAN-OS 10.2.4-h8",
"PAN-OS 10.2.4-h7",
"PAN-OS 10.2.4-h6",
"PAN-OS 10.2.4-h5",
"PAN-OS 10.2.4-h4",
"PAN-OS 10.2.4-h3",
"PAN-OS 10.2.4-h2",
"PAN-OS 10.2.4-h1",
"PAN-OS 10.2.4",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0",
"PAN-OS 10.1.14-h13",
"PAN-OS 10.1.14-h11",
"PAN-OS 10.1.14-h10",
"PAN-OS 10.1.14-h9",
"PAN-OS 10.1.14-h8",
"PAN-OS 10.1.14-h7",
"PAN-OS 10.1.14-h6",
"PAN-OS 10.1.14-h5",
"PAN-OS 10.1.14-h4",
"PAN-OS 10.1.14-h3",
"PAN-OS 10.1.14-h2",
"PAN-OS 10.1.14-h1",
"PAN-OS 10.1.14",
"PAN-OS 10.1.13-h5",
"PAN-OS 10.1.13-h4",
"PAN-OS 10.1.13-h3",
"PAN-OS 10.1.13-h2",
"PAN-OS 10.1.13-h1",
"PAN-OS 10.1.13",
"PAN-OS 10.1.12-h3",
"PAN-OS 10.1.12-h2",
"PAN-OS 10.1.12-h1",
"PAN-OS 10.1.12",
"PAN-OS 10.1.11-h10",
"PAN-OS 10.1.11-h9",
"PAN-OS 10.1.11-h8",
"PAN-OS 10.1.11-h7",
"PAN-OS 10.1.11-h6",
"PAN-OS 10.1.11-h5",
"PAN-OS 10.1.11-h4",
"PAN-OS 10.1.11-h3",
"PAN-OS 10.1.11-h2",
"PAN-OS 10.1.11-h1",
"PAN-OS 10.1.11",
"PAN-OS 10.1.10-h9",
"PAN-OS 10.1.10-h8",
"PAN-OS 10.1.10-h7",
"PAN-OS 10.1.10-h6",
"PAN-OS 10.1.10-h5",
"PAN-OS 10.1.10-h4",
"PAN-OS 10.1.10-h3",
"PAN-OS 10.1.10-h2",
"PAN-OS 10.1.10-h1",
"PAN-OS 10.1.10",
"PAN-OS 10.1.9-h14",
"PAN-OS 10.1.9-h13",
"PAN-OS 10.1.9-h12",
"PAN-OS 10.1.9-h11",
"PAN-OS 10.1.9-h10",
"PAN-OS 10.1.9-h9",
"PAN-OS 10.1.9-h8",
"PAN-OS 10.1.9-h7",
"PAN-OS 10.1.9-h6",
"PAN-OS 10.1.9-h5",
"PAN-OS 10.1.9-h4",
"PAN-OS 10.1.9-h3",
"PAN-OS 10.1.9-h2",
"PAN-OS 10.1.9-h1",
"PAN-OS 10.1.9",
"PAN-OS 10.1.8-h8",
"PAN-OS 10.1.8-h7",
"PAN-OS 10.1.8-h6",
"PAN-OS 10.1.8-h5",
"PAN-OS 10.1.8-h4",
"PAN-OS 10.1.8-h3",
"PAN-OS 10.1.8-h2",
"PAN-OS 10.1.8-h1",
"PAN-OS 10.1.8",
"PAN-OS 10.1.7-h1",
"PAN-OS 10.1.7",
"PAN-OS 10.1.6-h9",
"PAN-OS 10.1.6-h8",
"PAN-OS 10.1.6-h7",
"PAN-OS 10.1.6-h6",
"PAN-OS 10.1.6-h5",
"PAN-OS 10.1.6-h4",
"PAN-OS 10.1.6-h3",
"PAN-OS 10.1.6-h2",
"PAN-OS 10.1.6-h1",
"PAN-OS 10.1.6",
"PAN-OS 10.1.5-h4",
"PAN-OS 10.1.5-h3",
"PAN-OS 10.1.5-h2",
"PAN-OS 10.1.5-h1",
"PAN-OS 10.1.5",
"PAN-OS 10.1.4-h6",
"PAN-OS 10.1.4-h5",
"PAN-OS 10.1.4-h4",
"PAN-OS 10.1.4-h3",
"PAN-OS 10.1.4-h2",
"PAN-OS 10.1.4-h1",
"PAN-OS 10.1.4",
"PAN-OS 10.1.3-h4",
"PAN-OS 10.1.3-h3",
"PAN-OS 10.1.3-h2",
"PAN-OS 10.1.3-h1",
"PAN-OS 10.1.3",
"PAN-OS 10.1.2",
"PAN-OS 10.1.1",
"PAN-OS 10.1.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0136",
"datePublished": "2025-05-14T18:12:14.153Z",
"dateReserved": "2024-12-20T23:24:32.158Z",
"dateUpdated": "2025-05-14T19:43:47.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0250 (GCVE-0-2025-0250)
Vulnerability from cvelistv5 – Published: 2025-07-24 23:28 – Updated: 2025-07-25 13:28
- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://support.hcl-software.com/csm?id=kb_articl… | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| HCL Software | IEM | Affected: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:27:53.816295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:28:04.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by an authorization token sent in cookie vulnerability.\u0026nbsp; A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks."
}
],
"value": "HCL IEM is affected by an authorization token sent in cookie vulnerability.\u00a0 A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:36:16.177Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by an authorization token sent in cookie vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0250",
"datePublished": "2025-07-24T23:28:00.736Z",
"dateReserved": "2025-01-06T16:00:24.479Z",
"dateUpdated": "2025-07-25T13:28:04.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0252 (GCVE-0-2025-0252)
Vulnerability from cvelistv5 – Published: 2025-07-25 00:08 – Updated: 2025-07-25 13:19
- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://support.hcl-software.com/csm?id=kb_articl… | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| HCL Software | IEM | Affected: 1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:18:50.215903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:19:00.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IEM",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"datePublic": "2025-07-24T23:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL IEM is affected by a password in cleartext vulnerability.\u0026nbsp; Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit."
}
],
"value": "HCL IEM is affected by a password in cleartext vulnerability.\u00a0 Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T00:19:29.552Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122368"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HCL IEM is affected by a password in cleartext vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-0252",
"datePublished": "2025-07-25T00:08:13.901Z",
"dateReserved": "2025-01-06T16:00:27.548Z",
"dateUpdated": "2025-07-25T13:19:00.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0432 (GCVE-0-2025-0432)
Vulnerability from cvelistv5 – Published: 2025-01-28 15:56 – Updated: 2025-01-28 16:32
- CWE-319 - Cleartext Transmission of Sensitive Information

| Vendor | Product | Version |
|---|---|---|
| HMS Networks | Ewon Flexy 202 | Affected: All |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0432",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:32:09.044151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:32:42.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ewon Flexy 202",
"vendor": "HMS Networks",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khalid Markar, Parul Sindhwad and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to CISA"
}
],
"datePublic": "2025-01-23T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.\u003c/span\u003e"
}
],
"value": "EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:56:10.373Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06"
},
{
"url": "https://www.hms-networks.com/cyber-security"
},
{
"url": "https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4"
},
{
"url": "https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo ensure the highest level of security when using the Ewon Flexy device, HMS strongly recommend following these best practices:\u003c/p\u003e\u003cul\u003e\u003cli\u003eIntegrate with Talk2M Cloud: Always use the Flexy device in conjunction with Talk2M cloud. This guarantees a robust security level for your remote access connections.\u003c/li\u003e\u003cli\u003eFollow the the guidelines outlined here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4\"\u003eBest Practices for Secure Usage of the Ewon Solution\u003c/a\u003e\u003c/li\u003e\u003cli\u003eDisable Unused Protocols: Regularly review and disable any unsecure protocols that are not in use. Learn how to do this here: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface\"\u003eHow to Block Unused Ewon Services\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor further information, please visit the HMS \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.hms-networks.com/cyber-security\"\u003eSecurity Advisories\u003c/a\u003e\u0026nbsp;page.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "To ensure the highest level of security when using the Ewon Flexy device, HMS strongly recommend following these best practices:\n\n * Integrate with Talk2M Cloud: Always use the Flexy device in conjunction with Talk2M cloud. This guarantees a robust security level for your remote access connections.\n * Follow the the guidelines outlined here: Best Practices for Secure Usage of the Ewon Solution https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf \n * Disable Unused Protocols: Regularly review and disable any unsecure protocols that are not in use. Learn how to do this here: How to Block Unused Ewon Services https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface \n\n\nFor further information, please visit the HMS Security Advisories https://www.hms-networks.com/cyber-security \u00a0page."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0432",
"datePublished": "2025-01-28T15:56:10.373Z",
"dateReserved": "2025-01-13T21:36:12.484Z",
"dateUpdated": "2025-01-28T16:32:42.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0556 (GCVE-0-2025-0556)
Vulnerability from cvelistv5 – Published: 2025-02-12 15:11 – Updated: 2025-02-12 15:33
- CWE-319 - Cleartext Transmission of Sensitive Information
| URL | Tags |
|---|---|
| https://docs.telerik.com/report-server/knowledge-… | vendor-advisory |

| Vendor | Product | Version |
|---|---|---|
| Progress Software | Telerik Report Server | Affected: 1.0.0, < 2025 Q1 (11.0.25.211) (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:33:21.152666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:33:35.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
".NET Framework Implementation"
],
"platforms": [
"Windows"
],
"product": "Telerik Report Server",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "2025 Q1 (11.0.25.211)",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Progress\u00ae Telerik\u00ae Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.\u003c/p\u003e"
}
],
"value": "In Progress\u00ae Telerik\u00ae Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing."
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158 Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:11:03.067Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.telerik.com/report-server/knowledge-base/kb-security-cleartext-transmission-cve-2025-0556"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Telerik Report Server Clear Text Transmission of Agent Commands",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-0556",
"datePublished": "2025-02-12T15:11:03.067Z",
"dateReserved": "2025-01-17T19:39:39.461Z",
"dateUpdated": "2025-02-12T15:33:35.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
Phase: Implementation
Description:
- When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
Phase: Implementation
Description:
- When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Phase: Operation
Description:
- Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from an Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.