Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Enterprise Architect by Sparx Systems

    CVE-2026-42098 (GCVE-0-2026-42098)

    Vulnerability from nvd – Published: 2026-05-19 12:59 – Updated: 2026-05-19 15:27
    VLAI
    Title
    Authorization Bypass in Sparx Enterprise Architect
    Summary
    Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sparx Systems Enterprise Architect Affected: 0 , ≤ 17.1 (semver)
    Create a notification for this product.
    Credits
    Blazej Adamczyk (br0x) - Efigo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T15:27:25.413696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T15:27:32.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Enterprise Architect",
              "vendor": "Sparx Systems",
              "versions": [
                {
                  "lessThanOrEqual": "17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Blazej Adamczyk (br0x) - Efigo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sparx Enterprise Architect software has a security feature that limits user\u0027s actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect  client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
                }
              ],
              "value": "Sparx Enterprise Architect software has a security feature that limits user\u0027s actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect  client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-603",
                  "description": "CWE-603 Use of Client-Side Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T12:59:29.705Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/05/CVE-2026-42096"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://sparxsystems.com/products/ea/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://efigo.pl/blog/CVE-2026-42096/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authorization Bypass in Sparx Enterprise Architect",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-42098",
        "datePublished": "2026-05-19T12:59:29.705Z",
        "dateReserved": "2026-04-24T12:15:00.858Z",
        "dateUpdated": "2026-05-19T15:27:32.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42098 (GCVE-0-2026-42098)

    Vulnerability from cvelistv5 – Published: 2026-05-19 12:59 – Updated: 2026-05-19 15:27
    VLAI
    Title
    Authorization Bypass in Sparx Enterprise Architect
    Summary
    Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Sparx Systems Enterprise Architect Affected: 0 , ≤ 17.1 (semver)
    Create a notification for this product.
    Credits
    Blazej Adamczyk (br0x) - Efigo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T15:27:25.413696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T15:27:32.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Enterprise Architect",
              "vendor": "Sparx Systems",
              "versions": [
                {
                  "lessThanOrEqual": "17.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Blazej Adamczyk (br0x) - Efigo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sparx Enterprise Architect software has a security feature that limits user\u0027s actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect  client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
                }
              ],
              "value": "Sparx Enterprise Architect software has a security feature that limits user\u0027s actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect  client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-603",
                  "description": "CWE-603 Use of Client-Side Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T12:59:29.705Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/05/CVE-2026-42096"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://sparxsystems.com/products/ea/"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://efigo.pl/blog/CVE-2026-42096/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authorization Bypass in Sparx Enterprise Architect",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-42098",
        "datePublished": "2026-05-19T12:59:29.705Z",
        "dateReserved": "2026-04-24T12:15:00.858Z",
        "dateUpdated": "2026-05-19T15:27:32.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }