Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for ucrm by ubnt

    VAR-201807-0232

    Vulnerability from variot - Updated: 2024-11-23 22:06

    Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". Ubiquiti UCRM Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained. Ubiquiti UCRM is a billing and customer management system developed by Ubiquiti Networks. The system has functions such as customer management, automatic settlement and network monitoring

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0232",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ucrm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ubnt",
            "version": "2.7.7"
          },
          {
            "model": "ucrm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ubnt",
            "version": "2.3.0"
          },
          {
            "model": "ucrm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "2.3.0 to  2.7.7"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ubiquiti_networks:ucrm",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          }
        ]
      },
      "cve": "CVE-2017-0913",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2017-0913",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "VHN-99732",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2017-0913",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-0913",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-0913",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-2098",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-99732",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\". Ubiquiti UCRM Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained. Ubiquiti UCRM is a billing and customer management system developed by Ubiquiti Networks. The system has functions such as customer management, automatic settlement and network monitoring",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-0913",
            "trust": 2.5
          },
          {
            "db": "HACKERONE",
            "id": "301406",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-99732",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "id": "VAR-201807-0232",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:06:46.025000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "New UCRM upgrades available: 2.8.2 and 2.9.0-beta3",
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
          },
          {
            "title": "Ubiquiti UCRM Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100306"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://community.ubnt.com/t5/ucrm/new-ucrm-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/301406"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0913"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0913"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "date": "2018-09-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "date": "2018-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "date": "2018-07-03T21:29:00.247000",
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-99732"
          },
          {
            "date": "2018-09-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          },
          {
            "date": "2024-11-21T03:03:53.117000",
            "db": "NVD",
            "id": "CVE-2017-0913"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ubiquiti UCRM Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007703"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-2098"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-0913 (GCVE-0-2017-0913)

    Vulnerability from nvd – Published: 2018-07-03 21:00 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/301406"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-03T20:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/301406"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-24T00:00:00",
              "ID": "CVE-2017-0913",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/301406",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/301406"
                },
                {
                  "name": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814",
                  "refsource": "MISC",
                  "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-0913",
        "datePublished": "2018-07-03T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:59.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0913 (GCVE-0-2017-0913)

    Vulnerability from cvelistv5 – Published: 2018-07-03 21:00 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/301406"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-03T20:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/301406"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-24T00:00:00",
              "ID": "CVE-2017-0913",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/301406",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/301406"
                },
                {
                  "name": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814",
                  "refsource": "MISC",
                  "url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-0913",
        "datePublished": "2018-07-03T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:59.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }