Search
Find a vulnerability
Search criteria
3 vulnerabilities by hammock
CVE-2022-28719 (GCVE-0-2022-28719)
Vulnerability from cvelistv5 – Published: 2022-04-28 08:25 – Updated: 2024-08-03 06:03
VLAI
Summary
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
Severity
No CVSS data available.
CWE
- Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/220422.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54857505/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver.13.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver.13.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T08:25:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView",
"version": {
"version_data": [
{
"version_value": "prior to Ver.13.2.0"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/220422.html",
"refsource": "MISC",
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54857505/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28719",
"datePublished": "2022-04-28T08:25:12.000Z",
"dateReserved": "2022-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:03:52.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2241 (GCVE-0-2017-2241)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2241",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2240 (GCVE-0-2017-2240)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2240",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}