VAR-190001-0356

Vulnerability from variot - Updated: 2022-05-17 02:06

Wibu-Systems CodeMeter is a hardware-based protection solution for software, files, access and media. Its certificate server (called the "License Server" in this record's title), which listens on port 22350 by default, is prone to a limited directory-traversal vulnerability in its virtual directories because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow a remote attacker to download arbitrary files with certain extensions from outside the server root directory, which may aid further attacks. CodeMeter 4.30c is affected; other versions may also be vulnerable. The structured record below lists CodeMeter 4.30d with scope "ne", which appears to mark it as not affected; confirm this against the vendor's release notes. Until a fixed version is in place, restrict access to port 22350 to trusted hosts.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-190001-0356",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "codemeter 4.30c",
        "scope": null,
        "trust": 1.1,
        "vendor": "wibu",
        "version": null
      },
      {
        "model": "codemeter 4.30d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "wibu",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "IVD",
            "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nExploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. \nCodeMeter 4.30c is affected; other versions may also be  vulnerable",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49437",
        "trust": 1.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "8E1E3A1A-E596-44F1-AAB8-28036106C15C",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ]
  },
  "id": "VAR-190001-0356",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      }
    ],
    "trust": 1.25604396
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      }
    ]
  },
  "last_update_date": "2022-05-17T02:06:56.132000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.9,
        "url": "http://aluigi.altervista.org/adv/codemeter_1-adv.txt"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/49437"
      },
      {
        "trust": 0.3,
        "url": "http://www.wibu.com/en/codemeter.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-05T00:00:00",
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "date": "2011-09-02T00:00:00",
        "db": "BID",
        "id": "49437"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "date": "2011-12-22T18:30:00",
        "db": "BID",
        "id": "49437"
      },
      {
        "date": "2011-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3494"
      },
      {
        "db": "BID",
        "id": "49437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ],
    "trust": 1.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-016"
      }
    ],
    "trust": 0.8
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

