In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 12 and 13, 2023.
During this period, the National Vulnerability Database published 192 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 6
High: 51
Medium: 45
Low: 12
Severity Not Assigned: 78
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-42478
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.3
Description: SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
References: https://me.sap.com/notes/3382353
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-42481
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to unblock his user account again and regain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.
References: https://me.sap.com/notes/3394567
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-49580
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.
References: https://me.sap.com/notes/3385711
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-49583
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
References: https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://me.sap.com/notes/3411067
https://www.npmjs.com/package/@sap/xssec
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-50422
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
References: https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://github.com/SAP/cloud-security-services-integration-library/
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
https://me.sap.com/notes/3411067
https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-50423
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
References: https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://github.com/SAP/cloud-pysec/
https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
https://me.sap.com/notes/3411067
https://pypi.org/project/sap-xssec/
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-6542
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
References: https://me.sap.com/notes/3406244
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-50424
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
References: https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
https://github.com/SAP/cloud-security-client-go
https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
https://me.sap.com/notes/3411067
https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-6709
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
References: https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625
https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d
CWE-ID: CWE-1336
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-41117
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
References: https://www.enterprisedb.com/docs/security/advisories/cve202341117/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-41119
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
References: https://www.enterprisedb.com/docs/security/advisories/cve202341119/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-48641
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources.
References: https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/711859
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-45316
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.
References: https://mattermost.com/security-updates
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-48677
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.
References: https://security-advisory.acronis.com/advisories/SEC-5620
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
15. CVE-2022-42784
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 0.9
Impact Score: 6.0
Description: A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf
CWE-ID: CWE-1319
Common Platform Enumerations (CPE): Not Found
16. CVE-2022-47374
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.
This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf
CWE-ID: CWE-674
Common Platform Enumerations (CPE): Not Found
17. CVE-2022-47375
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly.
This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf
CWE-ID: CWE-805
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-38380
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.
An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf
CWE-ID: CWE-401
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-46156
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Affected devices improperly handle specially crafted packets sent to port 102/tcp.
This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-46281
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.5
Description: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
CWE-ID: CWE-942
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-46282
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.5
Description: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-46283
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-46284
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-46285
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-48427
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-48428
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-49691
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-49692
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.
References: https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-21740
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Media Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-35621
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-35622
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Windows DNS Spoofing Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-35624
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Azure Connected Machine Agent Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-35628
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Windows MSHTML Platform Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-35630
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-35631
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Win32k Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-35632
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-35633
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Kernel Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-35634
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Windows Bluetooth Driver Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-35638
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DHCP Server Service Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-35639
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft ODBC Driver Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-35641
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-35643
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: DHCP Server Service Information Disclosure Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-35644
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Sysmain Service Elevation of Privilege
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-36004
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-36005
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Windows Telephony Server Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-36006
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36006
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-36010
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Microsoft Defender Denial of Service Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36010
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-36011
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Win32k Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-36019
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Microsoft Power Platform Connector Spoofing Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-36020
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-36391
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-36696
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-49089
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
References: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-48225
Base Score: 8.9
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 6.0
Description: Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.
References: https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50
https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306
https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-50252
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.7
Description: php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-36391
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-36696
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-49089
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
References: https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-48225
Base Score: 8.9
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 6.0
Description: Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app env is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf.fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist.
References: https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50
https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306
https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-50252
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.7
Description: php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `