Vulnerabilites related to Hammock Corporation - AssetView CLOUD
CVE-2025-25060 (GCVE-0-2025-25060)
Vulnerability from cvelistv5
Published
2025-04-02 03:20
Modified
2025-04-02 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing authentication for critical function
Summary
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Hammock Corporation | AssetView |
Version: prior to Ver 13.2.4.3408 (13.2.4O) |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:44:53.916896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:04:49.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:20:54.826Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25060",
"datePublished": "2025-04-02T03:20:54.826Z",
"dateReserved": "2025-03-07T06:04:12.829Z",
"dateUpdated": "2025-04-02T16:04:49.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27244 (GCVE-0-2025-27244)
Vulnerability from cvelistv5
Published
2025-04-02 03:21
Modified
2025-04-02 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of sensitive information into sent data
Summary
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Hammock Corporation | AssetView |
Version: prior to Ver 13.2.4.3408 (13.2.4O) |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:30:04.477226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:41:04.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of sensitive information into sent data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:21:11.828Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27244",
"datePublished": "2025-04-02T03:21:11.828Z",
"dateReserved": "2025-03-07T06:04:10.352Z",
"dateUpdated": "2025-04-02T15:41:04.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}