Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for integria_ims by artica

    CVE-2021-3834 (GCVE-0-2021-3834)

    Vulnerability from nvd – Published: 2021-10-07 15:14 – Updated: 2024-09-16 17:37
    VLAI
    Title
    Integria IMS vulnerable to Cross Site Scripting (XSS)
    Summary
    Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-05 22:00
    Credits
    Discovered by @_Barriuso (special mention to @nag0mez ).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by @_Barriuso (special mention to @nag0mez )."
            }
          ],
          "datePublic": "2021-10-05T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
                }
              ],
              "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T13:51:58.328Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This vulnerability has been solved in Integria IMS 5.0 93."
                }
              ],
              "value": "This vulnerability has been solved in Integria IMS 5.0 93."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3834",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS vulnerable to Cross Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @_Barriuso (special mention to @nag0mez )."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                },
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3834",
        "datePublished": "2021-10-07T15:14:35.381Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:37:38.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3833 (GCVE-0-2021-3833)

    Vulnerability from nvd – Published: 2021-10-07 15:10 – Updated: 2024-09-16 23:46
    VLAI
    Title
    Integria IMS incorrect authorization
    Summary
    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-05 22:00
    Credits
    Discovered by @nag0mez (special mention to @_Barriuso).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
            }
          ],
          "datePublic": "2021-10-05T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIntegria IMS login check uses a loose comparator (\u0026quot;==\u0026quot;) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\u003c/p\u003e"
                }
              ],
              "value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697 Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T13:46:15.846Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability has been solved in Integria IMS 5.0 93\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability has been solved in Integria IMS 5.0 93"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS incorrect authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3833",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS incorrect authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                },
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3833",
        "datePublished": "2021-10-07T15:10:07.808Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:46:25.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3832 (GCVE-0-2021-3832)

    Vulnerability from nvd – Published: 2021-10-07 13:33 – Updated: 2024-09-17 02:36
    VLAI
    Title
    Integria IMS Remote Code Execution
    Summary
    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-06 00:00
    Credits
    Discovered by @nag0mez (special mention to @_Barriuso).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-07T13:33:19.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been solved in Integria IMS 5.0 93"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3832",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
                },
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3832",
        "datePublished": "2021-10-07T13:33:19.417Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:13.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15091 (GCVE-0-2019-15091)

    Vulnerability from nvd – Published: 2019-08-16 12:10 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://pastebin.com/k7FuvNvx x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/k7FuvNvx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki\u0026sec2=operation/wiki/wiki\u0026action=upload arbitrary file upload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-16T12:10:46.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/k7FuvNvx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15091",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki\u0026sec2=operation/wiki/wiki\u0026action=upload arbitrary file upload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pastebin.com/k7FuvNvx",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/k7FuvNvx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15091",
        "datePublished": "2019-08-16T12:10:46.000Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000812 (GCVE-0-2018-1000812)

    Vulnerability from nvd – Published: 2018-12-20 15:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:56.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/fleetcaptain/integria-takeover"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-11-27T00:00:00.000Z",
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-15T23:55:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/fleetcaptain/integria-takeover"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-11-27T13:54:33.453737",
              "DATE_REQUESTED": "2018-10-06T05:33:05",
              "ID": "CVE-2018-1000812",
              "REQUESTER": "cpearson9@yahoo.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/",
                  "refsource": "MISC",
                  "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
                },
                {
                  "name": "https://github.com/fleetcaptain/integria-takeover",
                  "refsource": "MISC",
                  "url": "https://github.com/fleetcaptain/integria-takeover"
                },
                {
                  "name": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047",
                  "refsource": "MISC",
                  "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000812",
        "datePublished": "2018-12-20T15:00:00.000Z",
        "dateReserved": "2018-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:56.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19829 (GCVE-0-2018-19829)

    Vulnerability from nvd – Published: 2018-12-18 22:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
              },
              {
                "name": "46013",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
            },
            {
              "name": "46013",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/",
                  "refsource": "MISC",
                  "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
                },
                {
                  "name": "46013",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19829",
        "datePublished": "2018-12-18T22:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19828 (GCVE-0-2018-19828)

    Vulnerability from nvd – Published: 2018-12-17 18:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
              },
              {
                "name": "46012",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS 5.0.83 has XSS via the search_string parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
            },
            {
              "name": "46012",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46012/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS 5.0.83 has XSS via the search_string parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/",
                  "refsource": "MISC",
                  "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
                },
                {
                  "name": "46012",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46012/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19828",
        "datePublished": "2018-12-17T18:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3834 (GCVE-0-2021-3834)

    Vulnerability from cvelistv5 – Published: 2021-10-07 15:14 – Updated: 2024-09-16 17:37
    VLAI
    Title
    Integria IMS vulnerable to Cross Site Scripting (XSS)
    Summary
    Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-05 22:00
    Credits
    Discovered by @_Barriuso (special mention to @nag0mez ).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by @_Barriuso (special mention to @nag0mez )."
            }
          ],
          "datePublic": "2021-10-05T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
                }
              ],
              "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T13:51:58.328Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-vulnerable-cross-site-scripting-xss"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This vulnerability has been solved in Integria IMS 5.0 93."
                }
              ],
              "value": "This vulnerability has been solved in Integria IMS 5.0 93."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3834",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS vulnerable to Cross Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @_Barriuso (special mention to @nag0mez )."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                },
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-vulnerable-cross-site-scripting-xss"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3834",
        "datePublished": "2021-10-07T15:14:35.381Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:37:38.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3833 (GCVE-0-2021-3833)

    Vulnerability from cvelistv5 – Published: 2021-10-07 15:10 – Updated: 2024-09-16 23:46
    VLAI
    Title
    Integria IMS incorrect authorization
    Summary
    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-05 22:00
    Credits
    Discovered by @nag0mez (special mention to @_Barriuso).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
            }
          ],
          "datePublic": "2021-10-05T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIntegria IMS login check uses a loose comparator (\u0026quot;==\u0026quot;) to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\u003c/p\u003e"
                }
              ],
              "value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697 Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T13:46:15.846Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability has been solved in Integria IMS 5.0 93\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability has been solved in Integria IMS 5.0 93"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS incorrect authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3833",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS incorrect authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                },
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3833",
        "datePublished": "2021-10-07T15:10:07.808Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:46:25.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3832 (GCVE-0-2021-3832)

    Vulnerability from cvelistv5 – Published: 2021-10-07 13:33 – Updated: 2024-09-17 02:36
    VLAI
    Title
    Integria IMS Remote Code Execution
    Summary
    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ártica Integria IMS Affected: 5.0.92
    Create a notification for this product.
    Date Public
    2021-10-06 00:00
    Credits
    Discovered by @nag0mez (special mention to @_Barriuso).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://integriaims.com/en/services/updates/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integria IMS",
              "vendor": "\u00c1rtica",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.92"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-07T13:33:19.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://integriaims.com/en/services/updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been solved in Integria IMS 5.0 93"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Integria IMS Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
              "ID": "CVE-2021-3832",
              "STATE": "PUBLIC",
              "TITLE": "Integria IMS Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integria IMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.0.92",
                                "version_value": "5.0.92"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "\u00c1rtica"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Discovered by @nag0mez (special mention to @_Barriuso)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution"
                },
                {
                  "name": "https://integriaims.com/en/services/updates/",
                  "refsource": "CONFIRM",
                  "url": "https://integriaims.com/en/services/updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This vulnerability has been solved in Integria IMS 5.0 93"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-3832",
        "datePublished": "2021-10-07T13:33:19.417Z",
        "dateReserved": "2021-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:13.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15091 (GCVE-0-2019-15091)

    Vulnerability from cvelistv5 – Published: 2019-08-16 12:10 – Updated: 2024-08-05 00:34
    VLAI
    Summary
    filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://pastebin.com/k7FuvNvx x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/k7FuvNvx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki\u0026sec2=operation/wiki/wiki\u0026action=upload arbitrary file upload."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-16T12:10:46.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/k7FuvNvx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-15091",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki\u0026sec2=operation/wiki/wiki\u0026action=upload arbitrary file upload."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pastebin.com/k7FuvNvx",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/k7FuvNvx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-15091",
        "datePublished": "2019-08-16T12:10:46.000Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:34:53.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000812 (GCVE-0-2018-1000812)

    Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:56.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/fleetcaptain/integria-takeover"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-11-27T00:00:00.000Z",
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-15T23:55:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/fleetcaptain/integria-takeover"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-11-27T13:54:33.453737",
              "DATE_REQUESTED": "2018-10-06T05:33:05",
              "ID": "CVE-2018-1000812",
              "REQUESTER": "cpearson9@yahoo.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/",
                  "refsource": "MISC",
                  "url": "https://cp270.wordpress.com/2018/05/14/war-story-password-resets/"
                },
                {
                  "name": "https://github.com/fleetcaptain/integria-takeover",
                  "refsource": "MISC",
                  "url": "https://github.com/fleetcaptain/integria-takeover"
                },
                {
                  "name": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047",
                  "refsource": "MISC",
                  "url": "https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000812",
        "datePublished": "2018-12-20T15:00:00.000Z",
        "dateReserved": "2018-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:56.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19829 (GCVE-0-2018-19829)

    Vulnerability from cvelistv5 – Published: 2018-12-18 22:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
              },
              {
                "name": "46013",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
            },
            {
              "name": "46013",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/",
                  "refsource": "MISC",
                  "url": "https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery/"
                },
                {
                  "name": "46013",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19829",
        "datePublished": "2018-12-18T22:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19828 (GCVE-0-2018-19828)

    Vulnerability from cvelistv5 – Published: 2018-12-17 18:00 – Updated: 2024-08-05 11:44
    VLAI
    Summary
    Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:44:20.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
              },
              {
                "name": "46012",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Artica Integria IMS 5.0.83 has XSS via the search_string parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
            },
            {
              "name": "46012",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46012/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-19828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Artica Integria IMS 5.0.83 has XSS via the search_string parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/",
                  "refsource": "MISC",
                  "url": "https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado/"
                },
                {
                  "name": "46012",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46012/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-19828",
        "datePublished": "2018-12-17T18:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:44:20.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }