Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for IAP-420 by ORing

    CVE-2024-55548 (GCVE-0-2024-55548)

    Vulnerability from nvd – Published: 2024-12-10 16:34 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Denial of Service
    Summary
    Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:57:16.507922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:57:47.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:38.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
                }
              ],
              "value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u00a0This issue affects IAP-420: through 2.01e."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-25",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-25: Forced Deadlock"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:34:02.230Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55548",
        "datePublished": "2024-12-10T16:34:02.230Z",
        "dateReserved": "2024-12-07T13:23:43.005Z",
        "dateUpdated": "2025-11-03T22:32:38.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55547 (GCVE-0-2024-55547)

    Vulnerability from nvd – Published: 2024-12-10 16:27 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Remote Command Execution via SNMP
    Summary
    SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:58:51.424791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:59:26.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:36.781Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
                }
              ],
              "value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u00a0This issue affects IAP-420: through 2.01e."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:27:07.033Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Remote Command Execution via SNMP",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55547",
        "datePublished": "2024-12-10T16:27:07.033Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:36.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55546 (GCVE-0-2024-55546)

    Vulnerability from nvd – Published: 2024-12-10 16:21 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Stored Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T20:05:31.498253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T20:05:54.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:35.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:21:33.244Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55546",
        "datePublished": "2024-12-10T16:21:33.244Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:35.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55545 (GCVE-0-2024-55545)

    Vulnerability from nvd – Published: 2024-12-10 16:14 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Reflected Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:38:18.501820Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:54:16.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:33.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:15:42.028Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55545",
        "datePublished": "2024-12-10T16:14:17.299Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:33.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55544 (GCVE-0-2024-55544)

    Vulnerability from nvd – Published: 2024-12-10 16:04 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Authenticated Command Injection
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T15:57:39.591160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T15:57:45.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:32.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:27:44.902Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55544",
        "datePublished": "2024-12-10T16:04:34.147Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:32.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5411 (GCVE-0-2024-5411)

    Vulnerability from nvd – Published: 2024-05-28 10:28 – Updated: 2025-10-08 09:14
    VLAI
    Title
    Command Injection
    Summary
    Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    oringnet iap-420_firmware Affected: 2.01e
        cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    T. Weber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iap-420_firmware",
                "vendor": "oringnet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.01e"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5411",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T17:58:40.800739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:03:00.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:14:56.574Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/May/36"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-5411",
        "datePublished": "2024-05-28T10:28:51.246Z",
        "dateReserved": "2024-05-27T08:38:01.961Z",
        "dateUpdated": "2025-10-08T09:14:56.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5410 (GCVE-0-2024-5410)

    Vulnerability from nvd – Published: 2024-05-28 10:23 – Updated: 2025-02-13 17:54
    VLAI
    Title
    Stored Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    T. Weber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T18:05:00.861450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:51.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T16:12:20.810Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/May/36"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-5410",
        "datePublished": "2024-05-28T10:23:16.991Z",
        "dateReserved": "2024-05-27T08:36:53.398Z",
        "dateUpdated": "2025-02-13T17:54:08.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-55548 (GCVE-0-2024-55548)

    Vulnerability from cvelistv5 – Published: 2024-12-10 16:34 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Denial of Service
    Summary
    Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:57:16.507922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:57:47.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:38.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
                }
              ],
              "value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u00a0This issue affects IAP-420: through 2.01e."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-25",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-25: Forced Deadlock"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:34:02.230Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55548",
        "datePublished": "2024-12-10T16:34:02.230Z",
        "dateReserved": "2024-12-07T13:23:43.005Z",
        "dateUpdated": "2025-11-03T22:32:38.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55547 (GCVE-0-2024-55547)

    Vulnerability from cvelistv5 – Published: 2024-12-10 16:27 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Remote Command Execution via SNMP
    Summary
    SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:58:51.424791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:59:26.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:36.781Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
                }
              ],
              "value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u00a0This issue affects IAP-420: through 2.01e."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:27:07.033Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Remote Command Execution via SNMP",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55547",
        "datePublished": "2024-12-10T16:27:07.033Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:36.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55546 (GCVE-0-2024-55546)

    Vulnerability from cvelistv5 – Published: 2024-12-10 16:21 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Stored Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T20:05:31.498253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T20:05:54.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:35.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:21:33.244Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55546",
        "datePublished": "2024-12-10T16:21:33.244Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:35.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55545 (GCVE-0-2024-55545)

    Vulnerability from cvelistv5 – Published: 2024-12-10 16:14 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Reflected Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-10T19:38:18.501820Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T19:54:16.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:33.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-10T16:15:42.028Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Reflected Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55545",
        "datePublished": "2024-12-10T16:14:17.299Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:33.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-55544 (GCVE-0-2024-55544)

    Vulnerability from cvelistv5 – Published: 2024-12-10 16:04 – Updated: 2025-11-03 22:32
    VLAI
    Title
    Authenticated Command Injection
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    P. Chistè A. Falb M. Selinger M. Suchy P. Oberndorfer P. Maluenda D. Sagl M. Narbeshuber-Spletzer J. Springer P. Riedl C. Hierzer M. Pammer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-55544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T15:57:39.591160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T15:57:45.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:32:32.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Dec/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Chist\u00e8"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "A. Falb"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Selinger"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Suchy"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Oberndorfer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Maluenda"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Sagl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Narbeshuber-Spletzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "J. Springer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "P. Riedl"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "C. Hierzer"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "M. Pammer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:27:44.902Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-55544",
        "datePublished": "2024-12-10T16:04:34.147Z",
        "dateReserved": "2024-12-07T13:23:43.004Z",
        "dateUpdated": "2025-11-03T22:32:32.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5411 (GCVE-0-2024-5411)

    Vulnerability from cvelistv5 – Published: 2024-05-28 10:28 – Updated: 2025-10-08 09:14
    VLAI
    Title
    Command Injection
    Summary
    Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    oringnet iap-420_firmware Affected: 2.01e
        cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    T. Weber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iap-420_firmware",
                "vendor": "oringnet",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.01e"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5411",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T17:58:40.800739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:03:00.513Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:14:56.574Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/May/36"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-5411",
        "datePublished": "2024-05-28T10:28:51.246Z",
        "dateReserved": "2024-05-27T08:38:01.961Z",
        "dateUpdated": "2025-10-08T09:14:56.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5410 (GCVE-0-2024-5410)

    Vulnerability from cvelistv5 – Published: 2024-05-28 10:23 – Updated: 2025-02-13 17:54
    VLAI
    Title
    Stored Cross-Site Scripting
    Summary
    Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ORing IAP-420 Affected: 0 , ≤ 2.01e (custom)
    Create a notification for this product.
    Credits
    T. Weber
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T18:05:00.861450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:51.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:11:12.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/36"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IAP-420",
              "vendor": "ORing",
              "versions": [
                {
                  "lessThanOrEqual": "2.01e",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e"
                }
              ],
              "value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T16:12:20.810Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/May/36"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-5410",
        "datePublished": "2024-05-28T10:23:16.991Z",
        "dateReserved": "2024-05-27T08:36:53.398Z",
        "dateUpdated": "2025-02-13T17:54:08.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }