CWE-477

Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

CVE-2018-17890 (GCVE-0-2018-17890)
Vulnerability from cvelistv5
Published
2018-10-12 14:00
Modified
2024-09-17 03:32
Severity ?
CWE
  • CWE-477 - USE OF OBSOLETE FUNCTION
Summary
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.
References
Impacted products
Vendor Product Version
NUUO NUUO CMS Version: All versions 3.1 and prior
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NUUO CMS",
          "vendor": "NUUO",
          "versions": [
            {
              "status": "affected",
              "version": "All versions 3.1 and prior"
            }
          ]
        }
      ],
      "datePublic": "2018-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-25T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "105717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-10-11T00:00:00",
          "ID": "CVE-2018-17890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NUUO CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions 3.1 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NUUO"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105717"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17890",
    "datePublished": "2018-10-12T14:00:00Z",
    "dateReserved": "2018-10-02T00:00:00",
    "dateUpdated": "2024-09-17T03:32:27.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10968 (GCVE-0-2019-10968)
Vulnerability from cvelistv5
Published
2019-07-24 14:46
Modified
2024-08-04 22:40
Severity ?
CWE
  • CWE-477 - USE OF OBSOLETE FUNCTION
Summary
Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Philips Holter 2010 Plus",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-24T14:46:14",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Holter 2010 Plus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Philips"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-19-192-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10968",
    "datePublished": "2019-07-24T14:46:14",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10988 (GCVE-0-2019-10988)
Vulnerability from cvelistv5
Published
2019-09-04 13:36
Modified
2024-08-04 22:40
Severity ?
CWE
  • CWE-477 - USE OF OBSOLETE FUNCTION
Summary
In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.
References
Impacted products
Vendor Product Version
n/a Philips HDI 4000 Ultrasound Systems Version: All versions running on old, unsupported operating systems such as Windows 2000.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Philips HDI 4000 Ultrasound Systems",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions running on old, unsupported operating systems such as Windows 2000."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-04T13:36:31",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10988",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips HDI 4000 Ultrasound Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions running on old, unsupported operating systems such as Windows 2000."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10988",
    "datePublished": "2019-09-04T13:36:31",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18251 (GCVE-0-2019-18251)
Vulnerability from cvelistv5
Published
2019-11-25 23:29
Modified
2024-08-05 01:47
Severity ?
CWE
  • CWE-477 - USE OF OBSOLETE FUNCTION
Summary
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.
Impacted products
Vendor Product Version
n/a Omron CX-Supervisor Version: Versions 3.5 (12) and prior
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:14.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Omron CX-Supervisor",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 3.5 (12) and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T01:06:07",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-18251",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Omron CX-Supervisor",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 3.5 (12) and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-04"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-997/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-18251",
    "datePublished": "2019-11-25T23:29:02",
    "dateReserved": "2019-10-22T00:00:00",
    "dateUpdated": "2024-08-05T01:47:14.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6978 (GCVE-0-2020-6978)
Vulnerability from cvelistv5
Published
2020-03-24 20:09
Modified
2024-08-04 09:18
Severity ?
CWE
  • CWE-477 - USE OF OBSOLETE FUNCTION
Summary
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
References
Impacted products
Vendor Product Version
n/a Honeywell WIN-PAK 4.7.2, Web and prior versions Version: Honeywell WIN-PAK 4.7.2, Web and prior versions
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honeywell WIN-PAK 4.7.2, Web and prior versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Honeywell WIN-PAK 4.7.2, Web and prior versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-24T20:09:17",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honeywell WIN-PAK 4.7.2, Web and prior versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Honeywell WIN-PAK 4.7.2, Web and prior versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-6978",
    "datePublished": "2020-03-24T20:09:17",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:03.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1384 (GCVE-0-2022-1384)
Vulnerability from cvelistv5
Published
2022-04-19 20:26
Modified
2024-12-06 23:09
CWE
  • CWE-477 - Use of Obsolete Function
Summary
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
References
Impacted products
Vendor Product Version
Mattermost Mattermost Version: unspecified   <
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:06.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mattermost.com/security-updates/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T22:52:58.546800Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T23:09:22.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "6.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477 Use of Obsolete Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T20:26:28",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mattermost.com/security-updates/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to version v6.5 or higher"
        }
      ],
      "source": {
        "advisory": "MMSA-2022-0095",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-41885"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Authorized users are allowed to install old plugin versions from the Marketplace",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "responsibledisclosure@mattermost.com",
          "ID": "CVE-2022-1384",
          "STATE": "PUBLIC",
          "TITLE": "Authorized users are allowed to install old plugin versions from the Marketplace"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mattermost",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mattermost"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-477 Use of Obsolete Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mattermost.com/security-updates/",
              "refsource": "MISC",
              "url": "https://mattermost.com/security-updates/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update Mattermost to version v6.5 or higher"
          }
        ],
        "source": {
          "advisory": "MMSA-2022-0095",
          "defect": [
            "https://mattermost.atlassian.net/browse/MM-41885"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2022-1384",
    "datePublished": "2022-04-19T20:26:28",
    "dateReserved": "2022-04-18T00:00:00",
    "dateUpdated": "2024-12-06T23:09:22.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23451 (GCVE-0-2023-23451)
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2025-02-05 15:24
Severity ?
CWE
Summary
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sick.com/psirt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T15:22:34.735214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:24:56.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=2311xxxx"
            },
            {
              "status": "affected",
              "version": "\u003c=V2.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number \u003c=2311xxxx with Firmware \u003c=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number \u003c=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number \u003c=2311xxxx with Firmware \u003c=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:42:41.838Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "url": "https://sick.com/psirt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2023-23451",
    "datePublished": "2023-04-19T00:00:00.000Z",
    "dateReserved": "2023-01-12T00:00:00.000Z",
    "dateUpdated": "2025-02-05T15:24:56.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28829 (GCVE-0-2023-28829)
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:52
CWE
  • CWE-477 - Use of Obsolete Function
Summary
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28829",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-03T01:45:58.400145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-03T01:52:55.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET PC Software V14",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC NET PC Software V15",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V8.2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS 7 V9.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAUT Software ST7sc",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions \u003c V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms \u0026 Events)) were used per default. These\r\nservices were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477: Use of Obsolete Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T08:17:07.989Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-28829",
    "datePublished": "2023-06-13T08:17:07.989Z",
    "dateReserved": "2023-03-24T15:17:29.558Z",
    "dateUpdated": "2025-01-03T01:52:55.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49212 (GCVE-0-2025-49212)
Vulnerability from cvelistv5
Published
2025-06-17 20:27
Modified
2025-06-18 14:57
Severity ?
CWE
  • CWE-477 - Use of Obsolete Function
Summary
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server Version: 6.0   
    cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:56:50.316281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T14:57:32.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Endpoint Encryption Policy Server",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "6.0.0.4013",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477: Use of Obsolete Function",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:27:37.318Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-369/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-49212",
    "datePublished": "2025-06-17T20:27:37.318Z",
    "dateReserved": "2025-06-03T18:11:27.259Z",
    "dateUpdated": "2025-06-18T14:57:32.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49213 (GCVE-0-2025-49213)
Vulnerability from cvelistv5
Published
2025-06-17 20:27
Modified
2025-06-18 14:42
Severity ?
CWE
  • CWE-477 - Use of Obsolete Function
Summary
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server Version: 6.0   
    cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:36:00.638328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T14:42:21.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Endpoint Encryption Policy Server",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "6.0.0.4013",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477: Use of Obsolete Function",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:27:44.731Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-370/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-49213",
    "datePublished": "2025-06-17T20:27:44.731Z",
    "dateReserved": "2025-06-03T18:11:27.259Z",
    "dateUpdated": "2025-06-18T14:42:21.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Mitigation

Phase: Requirements

Description:

  • Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page