CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CVE-2017-12079 (GCVE-0-2017-12079)
Vulnerability from cvelistv5
- CWE-552 - Files or Directories Accessible to External Parties ()
► | URL | Tags |
---|---|---|
Vendor | Product | Version | ||
---|---|---|---|---|
Synology | Photo Station |
Version: before 6.8.1-3458 Version: before 6.3-2970 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:15.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Photo Station", "vendor": "Synology", "versions": [ { "status": "affected", "version": "before 6.8.1-3458" }, { "status": "affected", "version": "before 6.3-2970" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "Files or Directories Accessible to External Parties (CWE-552)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-04T18:57:01", "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@synology.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-12079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Photo Station", "version": { "version_data": [ { "version_value": "before 6.8.1-3458" }, { "version_value": "before 6.3-2970" } ] } } ] }, "vendor_name": "Synology" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Files or Directories Accessible to External Parties (CWE-552)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station", "refsource": "CONFIRM", "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station" } ] } } } }, "cveMetadata": { "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "assignerShortName": "synology", "cveId": "CVE-2017-12079", "datePublished": "2017-12-04T19:00:00Z", "dateReserved": "2017-07-31T00:00:00", "dateUpdated": "2024-09-16T18:19:19.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15104 (GCVE-0-2017-15104)
Vulnerability from cvelistv5
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:50:15.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2017-15104" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Heketi", "vendor": "Heketi", "versions": [ { "status": "affected", "version": "5.0" } ] } ], "datePublic": "2017-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-19T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2017:3481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/cve/CVE-2017-15104" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15104", "datePublished": "2017-12-18T19:00:00Z", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-08-05T19:50:15.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2621 (GCVE-0-2017-2621)
Vulnerability from cvelistv5
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Red Hat | openstack-heat |
Version: openstack-heat-8.0.0 Version: openstack-heat-6.1.0 Version: openstack-heat-7.0.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:02:06.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" }, { "name": "RHSA-2017:1243", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1243" }, { "name": "RHSA-2017:1464", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1464" }, { "name": "96280", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96280" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openstack-heat", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "openstack-heat-8.0.0" }, { "status": "affected", "version": "openstack-heat-6.1.0" }, { "status": "affected", "version": "openstack-heat-7.0.2" } ] } ], "datePublic": "2017-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" }, { "name": "RHSA-2017:1243", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1243" }, { "name": "RHSA-2017:1464", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1464" }, { "name": "96280", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96280" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2621", "datePublished": "2018-07-27T18:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:06.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2622 (GCVE-0-2017-2622)
Vulnerability from cvelistv5
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
[UNKNOWN] | openstack-mistral |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:02:06.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" }, { "name": "RHSA-2017:1584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1584" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openstack-mistral", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" }, { "name": "RHSA-2017:1584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1584" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2622", "datePublished": "2018-07-27T13:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:06.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1079 (GCVE-0-2018-1079)
Vulnerability from cvelistv5
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
unspecified | pcs |
Version: pcs 0.9.164 Version: pcs 0.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1060" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pcs", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "pcs 0.9.164" }, { "status": "affected", "version": " pcs 0.10" } ] } ], "datePublic": "2018-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-12T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/errata/RHSA-2018:1060" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pcs", "version": { "version_data": [ { "version_value": "pcs 0.9.164" }, { "version_value": " pcs 0.10" } ] } } ] }, "vendor_name": "" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.7/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-552" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/errata/RHSA-2018:1060", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2018:1060" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1079", "datePublished": "2018-04-12T17:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10863 (GCVE-0-2018-10863)
Vulnerability from cvelistv5
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | redhat-certification |
Version: redhat-certification 7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.062Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2018-10863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redhat-certification", "vendor": "n/a", "versions": [ { "status": "affected", "version": "redhat-certification 7" } ] } ], "descriptions": [ { "lang": "en", "value": "It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-05T15:23:32", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594122" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2018-10863" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10863", "datePublished": "2021-05-26T18:03:06", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.062Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10867 (GCVE-0-2018-10867)
Vulnerability from cvelistv5
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | redhat-certification |
Version: redhat-certification 7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593764" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2018-10867" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redhat-certification", "vendor": "n/a", "versions": [ { "status": "affected", "version": "redhat-certification 7" } ] } ], "descriptions": [ { "lang": "en", "value": "Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-05T15:24:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593764" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2018-10867" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10867", "datePublished": "2021-05-26T18:03:20", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10869 (GCVE-0-2018-10869)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
[UNKNOWN] | redhat-certification |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105061", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869" }, { "name": "RHSA-2018:2373", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2373" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redhat-certification", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-15T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "105061", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869" }, { "name": "RHSA-2018:2373", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2373" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10869", "datePublished": "2018-07-19T22:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-10930 (GCVE-0-2019-10930)
Vulnerability from cvelistv5
- CWE-552 - Files or Directories Accessible to External Parties
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
► | Siemens AG | All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules |
Version: All versions |
|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions " } ] }, { "product": "DIGSI 5 engineering software", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V7.90" } ] }, { "product": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V7.90" } ] }, { "product": "SIPROTEC 5 device types 7SS85 and 7KE85", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V8.01" } ] }, { "product": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552: Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-10T16:13:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-10930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules", "version": { "version_data": [ { "version_value": "All versions " } ] } }, { "product_name": "DIGSI 5 engineering software", "version": { "version_data": [ { "version_value": "All versions \u003c V7.90" } ] } }, { "product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules", "version": { "version_data": [ { "version_value": "All versions \u003c V7.90" } ] } }, { "product_name": "SIPROTEC 5 device types 7SS85 and 7KE85", "version": { "version_data": [ { "version_value": "All versions \u003c V8.01" } ] } }, { "product_name": "SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-552: Files or Directories Accessible to External Parties" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-10930", "datePublished": "2019-07-11T21:17:47", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13941 (GCVE-0-2019-13941)
Vulnerability from cvelistv5
- CWE-552 - Files or Directories Accessible to External Parties
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Siemens AG | OZW672 |
Version: All versions < V10.00 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OZW672", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V10.00" } ] }, { "product": "OZW772", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V10.00" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-552", "description": "CWE-552: Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-10T19:16:14", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OZW672", "version": { "version_data": [ { "version_value": "All versions \u003c V10.00" } ] } }, { "product_name": "OZW772", "version": { "version_data": [ { "version_value": "All versions \u003c V10.00" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-552: Files or Directories Accessible to External Parties" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13941", "datePublished": "2020-02-11T15:36:10", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.