Search
Find a vulnerability
Search criteria
4 vulnerabilities by utimaco
CVE-2020-26155 (GCVE-0-2020-26155)
Vulnerability from nvd – Published: 2021-03-18 16:17 – Updated: 2024-08-04 15:49
VLAI
Summary
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hsm.utimaco.com/products-hardware-securit… | x_refsource_MISC |
| https://secureyourit.co.uk/wp/2021/03/13/utimaco-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T16:17:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/",
"refsource": "MISC",
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"name": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/",
"refsource": "MISC",
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26155",
"datePublished": "2021-03-18T16:17:01.000Z",
"dateReserved": "2020-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7142 (GCVE-0-2006-7142)
Vulnerability from nvd – Published: 2007-03-07 20:00 – Updated: 2024-08-07 20:50
VLAI
Summary
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/448598/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.utimaco.fi/servlets/ActionDispatcher?a… | x_refsource_MISC |
| http://www.securityfocus.com/bid/20529 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449120/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"name": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104",
"refsource": "MISC",
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7142",
"datePublished": "2007-03-07T20:00:00.000Z",
"dateReserved": "2007-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26155 (GCVE-0-2020-26155)
Vulnerability from cvelistv5 – Published: 2021-03-18 16:17 – Updated: 2024-08-04 15:49
VLAI
Summary
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hsm.utimaco.com/products-hardware-securit… | x_refsource_MISC |
| https://secureyourit.co.uk/wp/2021/03/13/utimaco-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T16:17:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/",
"refsource": "MISC",
"url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"
},
{
"name": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/",
"refsource": "MISC",
"url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26155",
"datePublished": "2021-03-18T16:17:01.000Z",
"dateReserved": "2020-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:49:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7142 (GCVE-0-2006-7142)
Vulnerability from cvelistv5 – Published: 2007-03-07 20:00 – Updated: 2024-08-07 20:50
VLAI
Summary
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/448598/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.utimaco.fi/servlets/ActionDispatcher?a… | x_refsource_MISC |
| http://www.securityfocus.com/bid/20529 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449120/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061013 Utimaco Safeguard Easy vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448598/100/0/threaded"
},
{
"name": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104",
"refsource": "MISC",
"url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true\u0026scope=domain\u0026domain_id=www.utimaco.fi\u0026page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103\u0026form_id=\u0026component_id=linkin_dokumentti_104"
},
{
"name": "20529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20529"
},
{
"name": "20061018 Re: Utimaco Safeguard Easy vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449120/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7142",
"datePublished": "2007-03-07T20:00:00.000Z",
"dateReserved": "2007-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:06.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}