Search criteria
9 vulnerabilities by Helix
CVE-2024-10314 (GCVE-0-2024-10314)
Vulnerability from cvelistv5 – Published: 2024-11-11 14:11 – Updated: 2025-01-29 19:43
VLAI?
Title
Unauthenticated Denial of Service via Auto Generation Function
Summary
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2024.2
(sem)
Affected: 0.0.0 , < 2024.1 (semver) Affected: 0.0.0 , < 2023.2 (semver) Affected: 0.0.0 , < 2023.1 (semver) Affected: 0.0.0 , < 2022.2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:54:15.709418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T15:55:04.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0.0.0",
"versionType": "sem"
},
{
"lessThan": "2024.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wi\u0119sek.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wi\u0119sek."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T19:43:07.659Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SZNFYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service via Auto Generation Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-10314",
"datePublished": "2024-11-11T14:11:12.415Z",
"dateReserved": "2024-10-23T18:41:29.030Z",
"dateUpdated": "2025-01-29T19:43:07.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10344 (GCVE-0-2024-10344)
Vulnerability from cvelistv5 – Published: 2024-11-11 14:08 – Updated: 2025-01-29 19:41
VLAI?
Title
Unauthenticated Denial of Service via Refuse Function
Summary
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2024.2
(semver)
Affected: 0.0.0 , < 2024.1 (semver) Affected: 0.0.0 , < 2023.2 (semver) Affected: 0.0.0 , < 2023.1 (semver) Affected: 0.0.0 , < 2022.2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T15:56:00.459087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:17:54.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2024.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eReported by Karol \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWi\u0119sek\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Wi\u0119sek."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T19:41:20.345Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SZOrYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service via Refuse Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-10344",
"datePublished": "2024-11-11T14:08:11.753Z",
"dateReserved": "2024-10-24T13:48:10.942Z",
"dateUpdated": "2025-01-29T19:41:20.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10345 (GCVE-0-2024-10345)
Vulnerability from cvelistv5 – Published: 2024-11-11 13:28 – Updated: 2025-01-29 19:39
VLAI?
Title
Unauthenticated Denial of Service via Shutdown Function
Summary
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2024.2
(semver)
Affected: 0.0.0 , < 2024.1 (semver) Affected: 0.0.0 , < 2023.2 (semver) Affected: 0.0.0 , < 2023.1 (semver) Affected: 0.0.0 , < 2022.2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T14:22:31.677652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:22:35.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2024.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol \u003cspan style=\"background-color: var(--clrSpellingErrorHighlightBg,#ffe5e5);\"\u003eWi\u0119sek\u003c/span\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Wi\u0119sek."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T19:39:33.787Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SZQTYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service via Shutdown Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-10345",
"datePublished": "2024-11-11T13:28:09.254Z",
"dateReserved": "2024-10-24T13:48:12.326Z",
"dateUpdated": "2025-01-29T19:39:33.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8067 (GCVE-0-2024-8067)
Vulnerability from cvelistv5 – Published: 2024-09-24 15:53 – Updated: 2024-11-21 16:57
VLAI?
Title
Unicode "best fit" argument injection
Summary
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
Severity ?
CWE
- CWE-176 - Improper Handling of Unicode Encoding
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
2024.1 , ≤ 2024.1 Patch 2 (2024.1/2655224)
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThanOrEqual": "2024.1patch2-2021.1/2655224",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:37:45.806154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:57:56.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThanOrEqual": "2024.1 Patch 2 (2024.1/2655224)",
"status": "affected",
"version": "2024.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode \"best fit\" argument injection was identified.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode \"best fit\" argument injection was identified."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176: Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:53:35.042Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SXEzYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unicode \"best fit\" argument injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-8067",
"datePublished": "2024-09-24T15:53:35.042Z",
"dateReserved": "2024-08-21T23:12:22.823Z",
"dateUpdated": "2024-11-21T16:57:56.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0325 (GCVE-0-2024-0325)
Vulnerability from cvelistv5 – Published: 2024-02-01 22:03 – Updated: 2024-08-01 18:04
VLAI?
Title
Command Injection in Helix Sync
Summary
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T18:34:03.681152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:54.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sync",
"vendor": "Helix",
"versions": [
{
"lessThan": "2024.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:03:57.425Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in Helix Sync",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-0325",
"datePublished": "2024-02-01T22:03:57.425Z",
"dateReserved": "2024-01-08T17:02:56.359Z",
"dateUpdated": "2024-08-01T18:04:49.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5759 (GCVE-0-2023-5759)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:48 – Updated: 2024-11-11 14:27
VLAI?
Title
Unauthenticated Remote Denial-of-Service via Buffer in Helix Core
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:54:50.922554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:27:10.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:18:40.109Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service via Buffer in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-5759",
"datePublished": "2023-11-08T15:48:18.816Z",
"dateReserved": "2023-10-24T21:49:40.705Z",
"dateUpdated": "2024-11-11T14:27:10.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45319 (GCVE-0-2023-45319)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:43 – Updated: 2024-11-11 14:26
VLAI?
Title
Unauthenticated Remote Denial-of-Service (Commit) in Helix Core
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:04:31.039795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:26:24.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eReported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:21:16.038Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service (Commit) in Helix Core ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-45319",
"datePublished": "2023-11-08T15:43:58.737Z",
"dateReserved": "2023-10-24T21:47:07.849Z",
"dateUpdated": "2024-11-11T14:26:24.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45849 (GCVE-0-2023-45849)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:40 – Updated: 2024-08-02 20:29
VLAI?
Title
Arbitrary Code Execution in Helix Core
Summary
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:20:00.910Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary Code Execution in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-45849",
"datePublished": "2023-11-08T15:40:29.648Z",
"dateReserved": "2023-10-24T21:47:07.857Z",
"dateUpdated": "2024-08-02T20:29:32.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35767 (GCVE-0-2023-35767)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:31 – Updated: 2024-11-11 14:27
VLAI?
Title
Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:13:58.221210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:27:36.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Helix Swarm",
"vendor": "Helix ",
"versions": [
{
"lessThan": "2024.1 ",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:39:39.464Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-35767",
"datePublished": "2023-11-08T15:31:29.693Z",
"dateReserved": "2023-10-24T21:47:07.842Z",
"dateUpdated": "2024-11-11T14:27:36.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}