Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for IAP-420 by ORing
CVE-2024-55548 (GCVE-0-2024-55548)
Vulnerability from nvd – Published: 2024-12-10 16:34 – Updated: 2025-11-03 22:32
VLAI?
Title
Denial of Service
Summary
Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
Severity ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:57:16.507922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:57:47.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
}
],
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u00a0This issue affects IAP-420: through 2.01e."
}
],
"impacts": [
{
"capecId": "CAPEC-25",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-25: Forced Deadlock"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:34:02.230Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55548",
"datePublished": "2024-12-10T16:34:02.230Z",
"dateReserved": "2024-12-07T13:23:43.005Z",
"dateUpdated": "2025-11-03T22:32:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55547 (GCVE-0-2024-55547)
Vulnerability from nvd – Published: 2024-12-10 16:27 – Updated: 2025-11-03 22:32
VLAI?
Title
Remote Command Execution via SNMP
Summary
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55547",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:58:51.424791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:59:26.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:36.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
}
],
"value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u00a0This issue affects IAP-420: through 2.01e."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:27:07.033Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution via SNMP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55547",
"datePublished": "2024-12-10T16:27:07.033Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55546 (GCVE-0-2024-55546)
Vulnerability from nvd – Published: 2024-12-10 16:21 – Updated: 2025-11-03 22:32
VLAI?
Title
Stored Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T20:05:31.498253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T20:05:54.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:35.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:21:33.244Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55546",
"datePublished": "2024-12-10T16:21:33.244Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:35.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55545 (GCVE-0-2024-55545)
Vulnerability from nvd – Published: 2024-12-10 16:14 – Updated: 2025-11-03 22:32
VLAI?
Title
Reflected Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:38:18.501820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:54:16.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:15:42.028Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55545",
"datePublished": "2024-12-10T16:14:17.299Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:33.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55544 (GCVE-0-2024-55544)
Vulnerability from nvd – Published: 2024-12-10 16:04 – Updated: 2025-11-03 22:32
VLAI?
Title
Authenticated Command Injection
Summary
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55544",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T15:57:39.591160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T15:57:45.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:32.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T09:27:44.902Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55544",
"datePublished": "2024-12-10T16:04:34.147Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:32.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5411 (GCVE-0-2024-5411)
Vulnerability from nvd – Published: 2024-05-28 10:28 – Updated: 2025-10-08 09:14
VLAI?
Title
Command Injection
Summary
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iap-420_firmware",
"vendor": "oringnet",
"versions": [
{
"status": "affected",
"version": "2.01e"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5411",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:58:40.800739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:00.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T09:14:56.574Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-5411",
"datePublished": "2024-05-28T10:28:51.246Z",
"dateReserved": "2024-05-27T08:38:01.961Z",
"dateUpdated": "2025-10-08T09:14:56.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5410 (GCVE-0-2024-5410)
Vulnerability from nvd – Published: 2024-05-28 10:23 – Updated: 2025-02-13 17:54
VLAI?
Title
Stored Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:05:00.861450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:51.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:20.810Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-5410",
"datePublished": "2024-05-28T10:23:16.991Z",
"dateReserved": "2024-05-27T08:36:53.398Z",
"dateUpdated": "2025-02-13T17:54:08.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55548 (GCVE-0-2024-55548)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:34 – Updated: 2025-11-03 22:32
VLAI?
Title
Denial of Service
Summary
Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
Severity ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:57:16.507922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:57:47.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
}
],
"value": "Improper check of password character lenght in ORing IAP-420 allows a forced deadlock.\u00a0This issue affects IAP-420: through 2.01e."
}
],
"impacts": [
{
"capecId": "CAPEC-25",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-25: Forced Deadlock"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:34:02.230Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55548",
"datePublished": "2024-12-10T16:34:02.230Z",
"dateReserved": "2024-12-07T13:23:43.005Z",
"dateUpdated": "2025-11-03T22:32:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55547 (GCVE-0-2024-55547)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:27 – Updated: 2025-11-03 22:32
VLAI?
Title
Remote Command Execution via SNMP
Summary
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55547",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:58:51.424791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:59:26.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:36.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects IAP-420: through 2.01e.\u003c/span\u003e"
}
],
"value": "SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.\u00a0This issue affects IAP-420: through 2.01e."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:27:07.033Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution via SNMP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55547",
"datePublished": "2024-12-10T16:27:07.033Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55546 (GCVE-0-2024-55546)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:21 – Updated: 2025-11-03 22:32
VLAI?
Title
Stored Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T20:05:31.498253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T20:05:54.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:35.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:21:33.244Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55546",
"datePublished": "2024-12-10T16:21:33.244Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:35.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55545 (GCVE-0-2024-55545)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:14 – Updated: 2025-11-03 22:32
VLAI?
Title
Reflected Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T19:38:18.501820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T19:54:16.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:33.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T16:15:42.028Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55545",
"datePublished": "2024-12-10T16:14:17.299Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:33.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55544 (GCVE-0-2024-55544)
Vulnerability from cvelistv5 – Published: 2024-12-10 16:04 – Updated: 2025-11-03 22:32
VLAI?
Title
Authenticated Command Injection
Summary
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55544",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T15:57:39.591160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T15:57:45.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:32:32.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P. Chist\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "A. Falb"
},
{
"lang": "en",
"type": "finder",
"value": "M. Selinger"
},
{
"lang": "en",
"type": "finder",
"value": "M. Suchy"
},
{
"lang": "en",
"type": "finder",
"value": "P. Oberndorfer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Maluenda"
},
{
"lang": "en",
"type": "finder",
"value": "D. Sagl"
},
{
"lang": "en",
"type": "finder",
"value": "M. Narbeshuber-Spletzer"
},
{
"lang": "en",
"type": "finder",
"value": "J. Springer"
},
{
"lang": "en",
"type": "finder",
"value": "P. Riedl"
},
{
"lang": "en",
"type": "finder",
"value": "C. Hierzer"
},
{
"lang": "en",
"type": "finder",
"value": "M. Pammer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T09:27:44.902Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cyberdanube.com/security-research/st-polten-uas-multiple-vulnerabilities-in-oring-iap/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-55544",
"datePublished": "2024-12-10T16:04:34.147Z",
"dateReserved": "2024-12-07T13:23:43.004Z",
"dateUpdated": "2025-11-03T22:32:32.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5411 (GCVE-0-2024-5411)
Vulnerability from cvelistv5 – Published: 2024-05-28 10:28 – Updated: 2025-10-08 09:14
VLAI?
Title
Command Injection
Summary
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:oringnet:iap-420_firmware:2.01e:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iap-420_firmware",
"vendor": "oringnet",
"versions": [
{
"status": "affected",
"version": "2.01e"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5411",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:58:40.800739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:00.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T09:14:56.574Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-5411",
"datePublished": "2024-05-28T10:28:51.246Z",
"dateReserved": "2024-05-27T08:38:01.961Z",
"dateUpdated": "2025-10-08T09:14:56.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5410 (GCVE-0-2024-5410)
Vulnerability from cvelistv5 – Published: 2024-05-28 10:23 – Updated: 2025-02-13 17:54
VLAI?
Title
Stored Cross-Site Scripting
Summary
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:05:00.861450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:51.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IAP-420",
"vendor": "ORing",
"versions": [
{
"lessThanOrEqual": "2.01e",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects IAP-420 version 2.01e and below.\u003c/p\u003e"
}
],
"value": "Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:20.810Z",
"orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"shortName": "CyberDanube"
},
"references": [
{
"url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/36"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
"assignerShortName": "CyberDanube",
"cveId": "CVE-2024-5410",
"datePublished": "2024-05-28T10:23:16.991Z",
"dateReserved": "2024-05-27T08:36:53.398Z",
"dateUpdated": "2025-02-13T17:54:08.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}