Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ABE by vivo

    CVE-2020-12487 (GCVE-0-2020-12487)

    Vulnerability from nvd – Published: 2024-12-17 02:53 – Updated: 2024-12-17 14:44
    VLAI
    Title
    Command Execution Vulnerability in ABE service
    Summary
    Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    vivo ABE Affected: Versions earlier than 4.4.0.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12487",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-17T14:44:27.965434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-17T14:44:40.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ABE",
              "vendor": "vivo",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 4.4.0.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.\u003cbr\u003e"
                }
              ],
              "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-17T02:53:22.309Z",
            "orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
            "shortName": "Vivo"
          },
          "references": [
            {
              "url": "https://www.vivo.com/en/support/security-advisory-detail?id=4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Execution Vulnerability in ABE service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
        "assignerShortName": "Vivo",
        "cveId": "CVE-2020-12487",
        "datePublished": "2024-12-17T02:53:22.309Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-12-17T14:44:40.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12487 (GCVE-0-2020-12487)

    Vulnerability from cvelistv5 – Published: 2024-12-17 02:53 – Updated: 2024-12-17 14:44
    VLAI
    Title
    Command Execution Vulnerability in ABE service
    Summary
    Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    vivo ABE Affected: Versions earlier than 4.4.0.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12487",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-17T14:44:27.965434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-17T14:44:40.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ABE",
              "vendor": "vivo",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 4.4.0.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.\u003cbr\u003e"
                }
              ],
              "value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-17T02:53:22.309Z",
            "orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
            "shortName": "Vivo"
          },
          "references": [
            {
              "url": "https://www.vivo.com/en/support/security-advisory-detail?id=4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Execution Vulnerability in ABE service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
        "assignerShortName": "Vivo",
        "cveId": "CVE-2020-12487",
        "datePublished": "2024-12-17T02:53:22.309Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-12-17T14:44:40.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }