Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DMS(Data Management Server) by Samsung Electronics

    CVE-2025-53077 (GCVE-0-2025-53077)

    Vulnerability from nvd – Published: 2025-07-29 05:03 – Updated: 2025-07-29 15:06
    VLAI
    Summary
    An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-698 - Execution After Redirect (EAR)
    References
    Impacted products
    Vendor Product Version
    Samsung Electronics DMS(Data Management Server) Affected: 2.0.0 , < 2.3.13.1 (custom)
    Affected: 2.5.0.17 , < 2.6.14.1 (custom)
    Affected: 2.7.0.15 , < 2.9.3.6 (custom)
    Create a notification for this product.
    Date Public
    2025-07-29 05:00
    Credits
    Noam Moshe of Claroty Team82
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-29T15:06:15.557705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T15:06:50.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DMS(Data Management Server)",
              "vendor": "Samsung Electronics",
              "versions": [
                {
                  "lessThan": "2.3.13.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.14.1",
                  "status": "affected",
                  "version": "2.5.0.17",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.9.3.6",
                  "status": "affected",
                  "version": "2.7.0.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Noam Moshe of Claroty Team82"
            }
          ],
          "datePublic": "2025-07-29T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
                }
              ],
              "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-698",
                  "description": "CWE-698 Execution After Redirect (EAR)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-29T05:03:41.034Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://security.samsungda.com/securityUpdates.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53077",
        "datePublished": "2025-07-29T05:03:41.034Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-07-29T15:06:50.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53077 (GCVE-0-2025-53077)

    Vulnerability from cvelistv5 – Published: 2025-07-29 05:03 – Updated: 2025-07-29 15:06
    VLAI
    Summary
    An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-698 - Execution After Redirect (EAR)
    References
    Impacted products
    Vendor Product Version
    Samsung Electronics DMS(Data Management Server) Affected: 2.0.0 , < 2.3.13.1 (custom)
    Affected: 2.5.0.17 , < 2.6.14.1 (custom)
    Affected: 2.7.0.15 , < 2.9.3.6 (custom)
    Create a notification for this product.
    Date Public
    2025-07-29 05:00
    Credits
    Noam Moshe of Claroty Team82
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-29T15:06:15.557705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-29T15:06:50.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DMS(Data Management Server)",
              "vendor": "Samsung Electronics",
              "versions": [
                {
                  "lessThan": "2.3.13.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.14.1",
                  "status": "affected",
                  "version": "2.5.0.17",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.9.3.6",
                  "status": "affected",
                  "version": "2.7.0.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Noam Moshe of Claroty Team82"
            }
          ],
          "datePublic": "2025-07-29T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
                }
              ],
              "value": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-698",
                  "description": "CWE-698 Execution After Redirect (EAR)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-29T05:03:41.034Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://security.samsungda.com/securityUpdates.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53077",
        "datePublished": "2025-07-29T05:03:41.034Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-07-29T15:06:50.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }