Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Connecta by Benner

    CVE-2025-1645 (GCVE-0-2025-1645)

    Vulnerability from nvd – Published: 2025-02-25 02:00 – Updated: 2025-02-25 14:37
    VLAI
    Title
    Benner Connecta EditarLogado resource injection
    Summary
    A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-99 - Improper Control of Resource Identifiers
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.296695 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.296695 signaturepermissions-required
    https://vuldb.com/?submit.501406 third-party-advisory
    https://github.com/yago3008/cves related
    Impacted products
    Vendor Product Version
    Benner Connecta Affected: 1.0.5330
    Create a notification for this product.
    Credits
    y4g0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1645",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T14:06:26.124769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T14:37:49.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connecta",
              "vendor": "Benner",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5330"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "y4g0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Benner Connecta 1.0.5330 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /Usuarios/Usuario/EditarLogado/. Durch die Manipulation des Arguments Handle mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-99",
                  "description": "Improper Control of Resource Identifiers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-25T02:00:09.016Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-296695 | Benner Connecta EditarLogado resource injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.296695"
            },
            {
              "name": "VDB-296695 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.296695"
            },
            {
              "name": "Submit #501406 | benner Benner Conecta 1.0.5330 Insecure Direct Object Reference leads to Account Take Over",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.501406"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/yago3008/cves"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-02-24T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-02-24T18:27:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Benner Connecta EditarLogado resource injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-1645",
        "datePublished": "2025-02-25T02:00:09.016Z",
        "dateReserved": "2025-02-24T17:22:22.305Z",
        "dateUpdated": "2025-02-25T14:37:49.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1645 (GCVE-0-2025-1645)

    Vulnerability from cvelistv5 – Published: 2025-02-25 02:00 – Updated: 2025-02-25 14:37
    VLAI
    Title
    Benner Connecta EditarLogado resource injection
    Summary
    A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-99 - Improper Control of Resource Identifiers
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.296695 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.296695 signaturepermissions-required
    https://vuldb.com/?submit.501406 third-party-advisory
    https://github.com/yago3008/cves related
    Impacted products
    Vendor Product Version
    Benner Connecta Affected: 1.0.5330
    Create a notification for this product.
    Credits
    y4g0 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1645",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T14:06:26.124769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T14:37:49.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connecta",
              "vendor": "Benner",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.5330"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "y4g0 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Benner Connecta 1.0.5330 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /Usuarios/Usuario/EditarLogado/. Durch die Manipulation des Arguments Handle mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-99",
                  "description": "Improper Control of Resource Identifiers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-25T02:00:09.016Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-296695 | Benner Connecta EditarLogado resource injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.296695"
            },
            {
              "name": "VDB-296695 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.296695"
            },
            {
              "name": "Submit #501406 | benner Benner Conecta 1.0.5330 Insecure Direct Object Reference leads to Account Take Over",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.501406"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/yago3008/cves"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-02-24T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-02-24T18:27:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Benner Connecta EditarLogado resource injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-1645",
        "datePublished": "2025-02-25T02:00:09.016Z",
        "dateReserved": "2025-02-24T17:22:22.305Z",
        "dateUpdated": "2025-02-25T14:37:49.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }