Find a vulnerability
Search criteria
14 vulnerabilities by axway
VAR-201405-0018
Vulnerability from variot - Updated: 2025-04-13 23:41Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. Axway Secure Messenger is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. Axway Secure Messenger 6.5 is vulnerable; other versions may also be affected. Axway Secure Messenger is a suite of email encryption software from Axway, France. The software supports encrypting and authenticating emails, automating tracking of message delivery, and more. Specifically, two (2) JSESSIONIDs are returned for valid users, and one (1) for invalid users.
Solution: Upgrade to Secure Messenger version 6.5 Updated Release 7, or migrate to Axway MailGate 5.2.0 (or later) for the equivalent functionality.
Contact: support.axway.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure messenger",
"scope": "eq",
"trust": 1.6,
"vendor": "axway",
"version": "6.3.2"
},
{
"model": "email firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "axway",
"version": null
},
{
"model": "secure messenger",
"scope": "lte",
"trust": 1.0,
"vendor": "axway",
"version": "6.5.0"
},
{
"model": "email firewall",
"scope": null,
"trust": 0.8,
"vendor": "axway",
"version": null
},
{
"model": "secure messenger",
"scope": "lt",
"trust": 0.8,
"vendor": "axway",
"version": "6.5 updated release 7"
},
{
"model": "secure messenger",
"scope": "eq",
"trust": 0.6,
"vendor": "axway",
"version": "6.5.0"
},
{
"model": "secure messenger",
"scope": "eq",
"trust": 0.3,
"vendor": "axway",
"version": "6.5"
},
{
"model": "secure messenger updated releas",
"scope": "ne",
"trust": 0.3,
"vendor": "axway",
"version": "6.5.0"
}
],
"sources": [
{
"db": "BID",
"id": "57457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:axway:email_firewall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:axway:secure_messenger",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jason Doyle of FishNet Security",
"sources": [
{
"db": "BID",
"id": "57457"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
}
],
"trust": 0.9
},
"cve": "CVE-2012-6452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-59733",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6452",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-6452",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-430",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-59733",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. Axway Secure Messenger is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. \nAxway Secure Messenger 6.5 is vulnerable; other versions may also be affected. Axway Secure Messenger is a suite of email encryption software from Axway, France. The software supports encrypting and authenticating emails, automating tracking of message delivery, and more. Specifically, two (2) JSESSIONIDs are returned for valid users, and one (1) for invalid users. \n \nSolution:\nUpgrade to Secure Messenger version 6.5 Updated Release 7, or migrate to Axway MailGate 5.2.0 (or later) for the equivalent functionality. \n \nContact:\nsupport.axway.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6452"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "BID",
"id": "57457"
},
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "PACKETSTORM",
"id": "119650"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-59733",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6452",
"trust": 2.9
},
{
"db": "BID",
"id": "57457",
"trust": 2.0
},
{
"db": "XF",
"id": "81388",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20130117 CVE-2012-6452 AXWAY SECURE MESSENGER USERNAME DISCLOSURE",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "119650",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-59733",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "BID",
"id": "57457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "PACKETSTORM",
"id": "119650"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"id": "VAR-201405-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:41:29.119000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Axway Secure Messenger",
"trust": 0.8,
"url": "http://www.axway.com/products-solutions/email-identity-security/email-encryption/secure-messenger"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/57457"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/81388"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6452"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6452"
},
{
"trust": 0.3,
"url": "http://www.axway.com/products-solutions/email-identity-security/email-encryption/secure-messenger"
},
{
"trust": 0.3,
"url": "/archive/1/525346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6452"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "BID",
"id": "57457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "PACKETSTORM",
"id": "119650"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-59733"
},
{
"db": "BID",
"id": "57457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"db": "PACKETSTORM",
"id": "119650"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-59733"
},
{
"date": "2013-01-17T00:00:00",
"db": "BID",
"id": "57457"
},
{
"date": "2014-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"date": "2013-01-18T17:22:22",
"db": "PACKETSTORM",
"id": "119650"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"date": "2014-05-27T14:55:03.323000",
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-59733"
},
{
"date": "2013-01-17T00:00:00",
"db": "BID",
"id": "57457"
},
{
"date": "2014-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006221"
},
{
"date": "2014-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-430"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6452"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Axway Email Firewall Used in Axway Secure Messenger Vulnerabilities enumerated by users",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-430"
}
],
"trust": 0.6
}
}
VAR-201904-0496
Vulnerability from variot - Updated: 2024-11-23 23:11Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. Vordel XML Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Axway Vordel XML Gateway is a French Axway company's XML gateway with threat scanning and traffic control functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0496",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vordel xml gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "axway",
"version": "7.2.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:axway:vordel_xml_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
}
]
},
"cve": "CVE-2015-5606",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5606",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-83567",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5606",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5606",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-5606",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-153",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83567",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83567"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. Vordel XML Gateway Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Axway Vordel XML Gateway is a French Axway company\u0027s XML gateway with threat scanning and traffic control functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5606"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "VULHUB",
"id": "VHN-83567"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5606",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-83567",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83567"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"id": "VAR-201904-0496",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-83567"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:11:53.865000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.axway.com/en"
},
{
"title": "Vordel XML Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91074"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83567"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5606"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5606"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83567"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-83567"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-83567"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"date": "2019-04-03T19:29:00.260000",
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-83567"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008243"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-153"
},
{
"date": "2024-11-21T02:33:23.107000",
"db": "NVD",
"id": "CVE-2015-5606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vordel XML Gateway Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-153"
}
],
"trust": 0.6
}
}
CVE-2019-14277 (GCVE-0-2019-14277)
Vulnerability from nvd – Published: 2019-07-26 03:33 – Updated: 2024-08-05 00:12 Disputed- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47150 | x_refsource_MISC |
| https://gist.githubusercontent.com/zeropwn/59f177… | x_refsource_MISC |
| https://zero.lol/2019-07-21-axway-securetransport… | x_refsource_MISC |
| https://community.axway.com/s/article/SecureTrans… | x_refsource_CONFIRM |
| https://community.axway.com/s/article/SecureTrans… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:42.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because \u201cAll attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:55:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because \u201cAll attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.\u201d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47150",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"name": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE",
"refsource": "MISC",
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"name": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/",
"refsource": "MISC",
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE",
"refsource": "CONFIRM",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice",
"refsource": "CONFIRM",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14277",
"datePublished": "2019-07-26T03:33:12.000Z",
"dateReserved": "2019-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:42.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5606 (GCVE-0-2015-5606)
Vulnerability from nvd – Published: 2019-04-03 18:51 – Updated: 2024-08-06 06:50- n/a
| URL | Tags |
|---|---|
| https://www.excellium-services.com/cert-xlm-advis… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T18:51:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5606",
"datePublished": "2019-04-03T18:51:22.000Z",
"dateReserved": "2015-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6500 (GCVE-0-2019-6500)
Vulnerability from nvd – Published: 2019-01-21 06:00 – Updated: 2024-08-04 20:23- n/a
| URL | Tags |
|---|---|
| https://github.com/inf0seq/inf0seq.github.io/blob… | x_refsource_MISC |
| https://inf0seq.github.io/cve/2019/01/20/Director… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of \u0027.\u0027 characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-21T06:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of \u0027.\u0027 characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md",
"refsource": "MISC",
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"name": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html",
"refsource": "MISC",
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6500",
"datePublished": "2019-01-21T06:00:00.000Z",
"dateReserved": "2019-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7057 (GCVE-0-2013-7057)
Vulnerability from nvd – Published: 2014-11-04 15:00 – Updated: 2024-08-06 17:53- n/a
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/113851 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/35046 | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "113851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "113851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "113851",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7057",
"datePublished": "2014-11-04T15:00:00.000Z",
"dateReserved": "2013-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:46.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6452 (GCVE-0-2012-6452)
Vulnerability from nvd – Published: 2014-05-27 15:00 – Updated: 2024-08-06 21:28- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/57457 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6452",
"datePublished": "2014-05-27T15:00:00.000Z",
"dateReserved": "2012-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:28:39.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4991 (GCVE-0-2012-4991)
Vulnerability from nvd – Published: 2012-12-13 11:00 – Updated: 2024-09-16 23:51- n/a
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/23324/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23324/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-13T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23324/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23324",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23324/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4991",
"datePublished": "2012-12-13T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:07.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14277 (GCVE-0-2019-14277)
Vulnerability from cvelistv5 – Published: 2019-07-26 03:33 – Updated: 2024-08-05 00:12 Disputed- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47150 | x_refsource_MISC |
| https://gist.githubusercontent.com/zeropwn/59f177… | x_refsource_MISC |
| https://zero.lol/2019-07-21-axway-securetransport… | x_refsource_MISC |
| https://community.axway.com/s/article/SecureTrans… | x_refsource_CONFIRM |
| https://community.axway.com/s/article/SecureTrans… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:42.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because \u201cAll attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:55:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because \u201cAll attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.\u201d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47150",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47150"
},
{
"name": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE",
"refsource": "MISC",
"url": "https://gist.githubusercontent.com/zeropwn/59f17727dfaba239b0ace6f33b752974/raw/9b6541a94ac5ec181a88e6c84cb3e3001025b8fd/Axway%2520SecureTransport%25205.x%2520Unauthenticated%2520XXE"
},
{
"name": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/",
"refsource": "MISC",
"url": "https://zero.lol/2019-07-21-axway-securetransport-xml-injection/"
},
{
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE",
"refsource": "CONFIRM",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice-re-CVE-2019-14277-Unauthenticated-XML-Injection-and-XXE"
},
{
"name": "https://community.axway.com/s/article/SecureTransport-Security-Notice",
"refsource": "CONFIRM",
"url": "https://community.axway.com/s/article/SecureTransport-Security-Notice"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14277",
"datePublished": "2019-07-26T03:33:12.000Z",
"dateReserved": "2019-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:42.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5606 (GCVE-0-2015-5606)
Vulnerability from cvelistv5 – Published: 2019-04-03 18:51 – Updated: 2024-08-06 06:50- n/a
| URL | Tags |
|---|---|
| https://www.excellium-services.com/cert-xlm-advis… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-03T18:51:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/",
"refsource": "MISC",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5606/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5606",
"datePublished": "2019-04-03T18:51:22.000Z",
"dateReserved": "2015-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6500 (GCVE-0-2019-6500)
Vulnerability from cvelistv5 – Published: 2019-01-21 06:00 – Updated: 2024-08-04 20:23- n/a
| URL | Tags |
|---|---|
| https://github.com/inf0seq/inf0seq.github.io/blob… | x_refsource_MISC |
| https://inf0seq.github.io/cve/2019/01/20/Director… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of \u0027.\u0027 characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-21T06:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of \u0027.\u0027 characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md",
"refsource": "MISC",
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"name": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html",
"refsource": "MISC",
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6500",
"datePublished": "2019-01-21T06:00:00.000Z",
"dateReserved": "2019-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7057 (GCVE-0-2013-7057)
Vulnerability from cvelistv5 – Published: 2014-11-04 15:00 – Updated: 2024-08-06 17:53- n/a
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/113851 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/35046 | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "113851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "113851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "113851",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/113851"
},
{
"name": "axwaysecuretransport-cve20137057-csrf(98320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98320"
},
{
"name": "35046",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7057",
"datePublished": "2014-11-04T15:00:00.000Z",
"dateReserved": "2013-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:46.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6452 (GCVE-0-2012-6452)
Vulnerability from cvelistv5 – Published: 2014-05-27 15:00 – Updated: 2024-08-06 21:28- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/57457 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
},
{
"name": "57457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57457"
},
{
"name": "axway-secure-info-disc(81388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6452",
"datePublished": "2014-05-27T15:00:00.000Z",
"dateReserved": "2012-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:28:39.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4991 (GCVE-0-2012-4991)
Vulnerability from cvelistv5 – Published: 2012-12-13 11:00 – Updated: 2024-09-16 23:51- n/a
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/23324/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23324/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-13T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23324",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23324/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23324",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23324/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4991",
"datePublished": "2012-12-13T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:07.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}