Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Wholesale Inventory Management System by Bdtask

    CVE-2024-2639 (GCVE-0-2024-2639)

    Vulnerability from nvd – Published: 2024-03-19 15:00 – Updated: 2024-08-12 16:40
    VLAI
    Title
    Bdtask Wholesale Inventory Management System session fixiation
    Summary
    A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bdtask Wholesale Inventory Management System Affected: 20240311
    Create a notification for this product.
    bdtask multi_store_inventory_management_system Affected: 1.0
        cpe:2.3:a:bdtask:multi_store_inventory_management_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    srivishnu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:47.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257245 | Bdtask Wholesale Inventory Management System session fixiation",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257245"
              },
              {
                "name": "VDB-257245 | CTI Indicators (IOB, IOC)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257245"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bdtask:multi_store_inventory_management_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multi_store_inventory_management_system",
                "vendor": "bdtask",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T18:59:04.098804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T16:40:54.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wholesale Inventory Management System",
              "vendor": "Bdtask",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240311"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "srivishnu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Bdtask Wholesale Inventory Management System bis 20240311 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine session fixiation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixiation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T15:00:06.206Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257245 | Bdtask Wholesale Inventory Management System session fixiation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.257245"
            },
            {
              "name": "VDB-257245 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257245"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T10:46:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bdtask Wholesale Inventory Management System session fixiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2639",
        "datePublished": "2024-03-19T15:00:06.206Z",
        "dateReserved": "2024-03-19T09:40:54.274Z",
        "dateUpdated": "2024-08-12T16:40:54.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2639 (GCVE-0-2024-2639)

    Vulnerability from cvelistv5 – Published: 2024-03-19 15:00 – Updated: 2024-08-12 16:40
    VLAI
    Title
    Bdtask Wholesale Inventory Management System session fixiation
    Summary
    A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bdtask Wholesale Inventory Management System Affected: 20240311
    Create a notification for this product.
    bdtask multi_store_inventory_management_system Affected: 1.0
        cpe:2.3:a:bdtask:multi_store_inventory_management_system:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    srivishnu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:18:47.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-257245 | Bdtask Wholesale Inventory Management System session fixiation",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.257245"
              },
              {
                "name": "VDB-257245 | CTI Indicators (IOB, IOC)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.257245"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:bdtask:multi_store_inventory_management_system:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multi_store_inventory_management_system",
                "vendor": "bdtask",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T18:59:04.098804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T16:40:54.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wholesale Inventory Management System",
              "vendor": "Bdtask",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240311"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "srivishnu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Bdtask Wholesale Inventory Management System bis 20240311 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine session fixiation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixiation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T15:00:06.206Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-257245 | Bdtask Wholesale Inventory Management System session fixiation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.257245"
            },
            {
              "name": "VDB-257245 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.257245"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-19T10:46:10.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bdtask Wholesale Inventory Management System session fixiation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2639",
        "datePublished": "2024-03-19T15:00:06.206Z",
        "dateReserved": "2024-03-19T09:40:54.274Z",
        "dateUpdated": "2024-08-12T16:40:54.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }