nist-gov/nvd.nist.gov/index.html

<!DOCTYPE html>
<html lang="en">
<head>
<title>NVD - Home</title>
<!-- Document metadata. The content-type declaration below is the first
     encoding declaration in the head. -->
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="content-style-type" content="text/css">
<meta http-equiv="content-script-type" content="text/javascript">
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<!-- Stylesheets. Every href is root-relative, so they load from the page's
     own origin. -->
<link rel="stylesheet" type="text/css" href="/site-scripts/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="/site-media/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="/site-media/bootstrap/css/bootstrap-theme.min.css">
<link rel="stylesheet" type="text/css" href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css">
<link rel="stylesheet" type="text/css" href="/site-media/css/nist-fonts.css">
<link rel="stylesheet" type="text/css" href="/site-media/css/base-style.css">
<link rel="stylesheet" type="text/css" href="/site-media/css/media-resize.css">
<meta name="theme-color" content="#000000">

<!-- Script libraries, vendored on this origin and loaded synchronously in
     document order (no async/defer).
     NOTE(review): the paths carry no version numbers, so the release of
     jQuery, Underscore, Bootstrap, Moment and the datetimepicker in use
     cannot be read from this markup. Confirm patch levels against the
     deployed files. -->
<script type="text/javascript" src="/site-scripts/jquery/dist/jquery.min.js"></script>
<script type="text/javascript" src="/site-scripts/jquery-visible/jquery.visible.min.js"></script>
<script type="text/javascript" src="/site-scripts/underscore/underscore-min.js"></script>
<script type="text/javascript" src="/site-media/bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="/site-scripts/moment/min/moment.min.js"></script>
<script type="text/javascript" src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"></script>

<!-- Site scripts. -->
<script type="text/javascript" src="/site-media/js/megamenu.js"></script>
<script type="text/javascript" src="/site-media/js/nist-exit-script.js"></script>
<script type="text/javascript" src="/site-media/js/forms.js"></script>

<!-- Federated analytics bundle, also served from this origin; its settings
     are passed in the query string. -->
<script id="_fed_an_js_tag" type="text/javascript" src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true"></script>
<!-- Google tag (gtag.js). This is the only script in this head that is loaded
     from another origin, and it carries no integrity attribute. What it may
     load or do is bounded only by a Content-Security-Policy, which would be
     set in response headers that this file does not show.
     NOTE(review): confirm the deployed policy lists this host explicitly. -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
<script>
  // Queue that the tag library reads once it has loaded.
  window.dataLayer = window.dataLayer || [];

  function gtag() {
    dataLayer.push(arguments);
  }

  gtag('js', new Date());
  gtag('config', 'G-4KKFZP12LQ');
</script>
<!-- Legacy frame-busting, part 1: hide every direct child of <body> until the
     script that follows confirms this document is the top-level window.
     The id "antiClickjack" is shared by this <style> element and by the
     notice <div> in <body>, so the second rule targets that <div> as well. -->
<style id="antiClickjack">
  body > * { display: none !important; }
  #antiClickjack { display: block !important; }
</style>
<!-- With scripting disabled the top-window check cannot run, so this override
     shows the page again and keeps the framing notice hidden. In that state
     the page is displayed whether or not it is framed. These rules are
     therefore only a fallback. Framing policy has to be enforced by response
     headers (Content-Security-Policy frame-ancestors, X-Frame-Options), which
     are not visible in this file. -->
<noscript>
  <style id="antiClickjackNoScript">
    body > * { display: block !important; }
    #antiClickjack { display: none !important; }
  </style>
</noscript>
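<script type="text/javascript" id="antiClickjackScript">
  // Legacy frame-busting, part 2. The <style id="antiClickjack"> element above
  // hides the page; this script lifts that only when the document is the
  // top-level window. It is defence in depth: the authoritative control is a
  // framing policy in the response headers (Content-Security-Policy
  // frame-ancestors / X-Frame-Options), which this file does not show.

  // Navigate the top-level window to this page's own URL. If the browser
  // refuses the navigation, the page simply stays hidden by the CSS rule.
  function tryForward() {
    top.location = self.location;
  }

  if (self === top) {
    // Not framed: remove the hiding stylesheet. getElementById returns the
    // first match in document order, which is the <style> in <head>; a <div>
    // in <body> reuses the same id.
    var antiClickjack = document.getElementById("antiClickjack");
    antiClickjack.parentNode.removeChild(antiClickjack);
  } else {
    // Framed: break out after five seconds. Pass the function reference;
    // writing tryForward() here would run the redirect immediately and hand
    // setTimeout an undefined callback. The page content stays hidden during
    // the delay, so nothing in it can be clicked.
    setTimeout(tryForward, 5000);
  }
</script>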
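<!-- No <meta charset> here: the encoding is already declared by the
     http-equiv content-type meta at the start of <head>, and HTML allows only
     one encoding declaration per document. -->

<!-- Site stylesheet, loaded after the shared Bootstrap and NIST styles. -->
<link rel="stylesheet" type="text/css" href="/site-media/css/nvd-style.css">

<!-- Icons, web app manifest and tile configuration, all same-origin. -->
<link rel="apple-touch-icon" type="image/png" sizes="180x180" href="/site-media/images/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/site-media/images/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/site-media/images/favicons/favicon-16x16.png">
<link rel="manifest" href="/site-media/images/favicons/manifest.json">
<link rel="mask-icon" color="#000000" href="/site-media/images/favicons/safari-pinned-tab.svg">
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml">
<!-- favicon.ico is referenced once per rel value; a second, untyped
     "shortcut icon" link to the same file added nothing. -->
<link rel="shortcut icon" type="image/x-icon" href="/site-media/images/favicons/favicon.ico">
<link rel="icon" type="image/x-icon" href="/site-media/images/favicons/favicon.ico">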
</head>
<body>
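<!-- Framing notice. It is a direct child of <body> on purpose: while the page
     is framed, the head stylesheet hides every direct child of <body> and
     re-shows only #antiClickjack. A notice nested inside <header> would stay
     invisible, because its hidden ancestor cannot be overridden from a
     descendant. The inline display:none keeps it hidden once that stylesheet
     has been removed for a normal top-level view. -->
<div id="antiClickjack" style="display: none">
  <h1>You are viewing this page in an unauthorized frame window.</h1>
  <p>
    This is a potential security issue, you are being redirected to
    <a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
  </p>
</div>
<header role="banner" title="Site Banner">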
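<!-- Official-site banner: tells visitors how to recognise a genuine .gov site
     and an HTTPS connection. Its text alternatives matter because this is the
     page's own trust indicator. -->
<div>
  <section class="usa-banner" aria-label="Official government website">
    <div class="usa-accordion container">
      <header class="usa-banner__header">
        <noscript>
          <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
        </noscript>
        <img class="usa-banner__header-flag"
             src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
        &nbsp;
        <span class="usa-banner__header-text">An official website of the United States government</span>
        <!-- type="button" keeps the toggle from ever acting as a submit button. -->
        <button type="button" id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
          <span class="usa-banner__button-text">Here's how you know</span>
        </button>
      </header>
      <!-- The panel starts collapsed (class "collapse"), so its initial
           aria-expanded is "false", matching the button above. -->
      <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="false">
        <div class="row">
          <div class="col-md-5 col-sm-12">
            <div class="row">
              <div class="col-sm-2 col-xs-3">
                <img class="usa-banner__icon usa-media-block__img"
                     src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
              </div>
              <div class="col-sm-10 col-xs-9">
                <p>
                  <strong>Official websites use .gov</strong>
                  <br>
                  A <strong>.gov</strong> website belongs to an official government organization in the United States.
                </p>
              </div>
            </div>
          </div>
          <div class="col-md-5 col-sm-12">
            <div class="row">
              <div class="col-sm-2 col-xs-3">
                <img class="usa-banner__icon usa-media-block__img"
                     src="/site-media/images/usbanner/icon-https.svg" alt="Https">
              </div>
              <div class="col-sm-10 col-xs-9">
                <p>
                  <strong>Secure .gov websites use HTTPS</strong>
                  <br>
                  <!-- The lock image's alt names the lock, so a screen reader
                       hears the same indicator the sentence describes. -->
                  A <strong>lock</strong> (<img class="usa-banner__lock"
                  src="/site-media/images/usbanner/lock.svg" alt="Lock">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
                </p>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
  </section>
</div>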
<div>
<div>
<nav id="navbar" class="navbar">
<div id="nist-menu-container" class="container">
<div class="row">
<!-- Brand -->
<div class="col-xs-6 col-md-4 navbar-header"
style="height:104px">
<a class="navbar-brand"
href="https://www.nist.gov"
target="_blank" rel="noopener noreferrer"
id="navbar-brand-image"
style="padding-top: 36px">
<img alt="National Institute of Standards and Technology"
src="/site-media/images/nist/nist-logo.svg"
width="110" height="30">
</a>
</div>
<div class="col-xs-6 col-md-8 navbar-nist-logo">
<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
class="hidden-xxs">NVD </span>MENU</span>
</a>
</span>
</div>
</div>
</div>
<div class="main-menu-row container">
<!-- Collect the nav links, forms, and other content for toggling -->
<div id="main-menu-drop" class="col-lg-12" style="display: none;">
<ul>
<li><a href="/general"> General <span
class="expander fa fa-plus" id="nvd-header-menu-general"
data-expander-name="general" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="general">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/general/nvd-dashboard">NVD Dashboard</a>
</p>
<p>
<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/faq">FAQ</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/visualizations">Visualizations</a>
</p>
<p>
<a href="/general/legal-disclaimer">Legal Disclaimer</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln"> Vulnerabilities <span
class="expander fa fa-plus"
id="nvd-header-menu-vulnerabilities"
data-expander-name="vulnerabilities" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="vulnerabilities">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Search &amp; Statistics</a>
</p>
<p>
<a href="/vuln/categories">Weakness Types</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/data-feeds">Legacy Data Feeds</a>
</p>
<p>
<a href="/vuln/vendor-comments">Vendor Comments</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/cvmap">CVMAP</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
class="expander fa fa-plus" id="nvd-header-menu-metrics"
data-expander-name="metrics" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="metrics">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
Calculator</a>
</p>
</div>
</div>
</div></li>
<li><a href="/products"> Products <span
class="expander fa fa-plus" id="nvd-header-menu-products"
data-expander-name="products" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="products">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/products/cpe">CPE Dictionary</a>
</p>
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/statistics">CPE Statistics</a>
</p>
<p>
<a href="/products/swid">SWID</a>
</p>
</div>
<div class="col-lg-4"></div>
</div>
</div></li>
<li>
<a href="/developers">Developers<span
class="expander fa fa-plus" id="nvd-header-menu-developers"
data-expander-name="developers" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="developers">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/developers/start-here">Start Here</a>
</p>
<p>
<a href="/developers/request-an-api-key">Request an API Key</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/vulnerabilities">Vulnerabilities</a>
</p>
<p>
<a href="/developers/products">Products</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/data-sources">Data Sources</a>
</p>
<p>
<a href="/developers/terms-of-use">Terms of Use</a>
</p>
</div>
</div>
</div>
</li>
<li><a href="/contact"> Contact NVD </a></li>
<li><a href="/other"> Other Sites <span
class="expander fa fa-plus" id="nvd-header-menu-othersites"
data-expander-name="otherSites" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="otherSites">
<div class="row">
<div class="col-lg-4">
<p>
<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
</p>
<p>
<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
</p>
<p>
<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools</a>
</p>
<p>
<a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
</p>
</div>
</div>
</div></li>
<li><a href="/search"> Search <span
class="expander fa fa-plus" id="nvd-header-menu-search"
data-expander-name="search" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="search">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Vulnerability Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
</div>
</div></li>
</ul>
</div>
<!-- /#mobile-nav-container -->
</div>
</nav>
<section id="itl-header" class="has-menu">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8">
<h2 class="hidden-xs hidden-sm">
<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
</h2>
<h1 class="hidden-xs hidden-sm">
<a id="nvd-header-link"
href="/">National Vulnerability Database</a>
</h1>
<h1 class="hidden-xs text-center hidden-md hidden-lg"
>National Vulnerability Database</h1>
<h1 class="hidden-sm hidden-md hidden-lg text-center"
>NVD</h1>
</div>
<div class="col-sm-12 col-md-4">
<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
<img id="img-logo-nvd-lg"
alt="National Vulnerability Database"
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
width="500" height="100">
</a>
</div>
</div>
</div>
</section>
</div>
</div>
</header>
<main>
<div>
<div id="body-section" class="container">
<div>
<div class="row">
<nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs">
<ul class="side-nav">
<li><a href="/general">General<span
class="expander fa fa-plus" id="nvd-side-menu-general"
data-expander-name="generalSide" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="generalSide">
<ul>
<li><a href="/general/nvd-dashboard">NVD Dashboard</a></li>
<li><a href="https://www.nist.gov/itl/nvd">News and Status Updates</a></li>
<li><a href="/general/faq">FAQ</a></li>
<li><a href="/general/visualizations">Visualizations</a></li>
<li><a href="/general/legal-disclaimer">Legal Disclaimer</a></li>
</ul>
</div></li>
<li><a href="/vuln"> Vulnerabilities <span
class="expander fa fa-plus"
id="nvd-side-menu-vulnerabilities"
data-expander-name="vulnerabilitiesSide" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="vulnerabilitiesSide">
<ul>
<li><a href="/vuln/search">Search &amp; Statistics</a></li>
<li><a href="/vuln/categories">Weakness Types</a></li>
<li><a href="/vuln/data-feeds">Legacy Data Feeds</a></li>
<li><a href="/vuln/vendor-comments">Vendor Comments</a></li>
<li><a href="/vuln/cvmap">CVMAP</a></li>
</ul>
</div></li>
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
class="expander fa fa-plus" id="nvd-side-menu-metrics"
data-expander-name="metricsSide" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="metricsSide">
<ul>
<li><a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
Calculator</a></li>
<li><a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
Calculators</a></li>
<li><a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
Calculator</a></li>
</ul>
</div></li>
<li><a href="/products"> Products <span
class="expander fa fa-plus" id="nvd-side-menu-products"
data-expander-name="productsSide" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="productsSide">
<ul>
<li><a href="/products/cpe">CPE Dictionary</a></li>
<li><a href="/products/cpe/search">CPE Search</a></li>
<li><a href="/products/cpe/statistics">CPE Statistics</a></li>
<li><a href="/products/swid">SWID</a></li>
</ul>
</div></li>
<li>
<a href="/developers">Developers<span
class="expander fa fa-plus" id="nvd-side-menu-developers"
data-expander-name="developersSide" data-expanded="false">
<span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="developersSide">
<ul>
<li><a href="/developers/start-here">Start Here</a></li>
<li><a href="/developers/request-an-api-key">Request an API Key</a></li>
<li><a href="/developers/vulnerabilities">Vulnerabilities</a></li>
<li><a href="/developers/products">Products</a></li>
<li><a href="/developers/data-sources">Data Sources</a></li>
<li><a href="/developers/terms-of-use">Terms of Use</a></li>
</ul>
</div>
</li>
<li><a href="/contact"> Contact NVD </a></li>
<li><a href="/other"> Other Sites <span
class="expander fa fa-plus" id="nvd-side-menu-othersites"
data-expander-name="otherSitesSide" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="otherSitesSide">
<ul>
<li><a href="https://ncp.nist.gov">Checklist (NCP)
Repository</a></li>
<li><a href="https://ncp.nist.gov/cce">Configurations (CCE)</a></li>
<li><a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li>
<li><a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools</a></li>
<li><a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li>
<li><a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li>
</ul>
</div></li>
<li><a href="/search"> Search <span
class="expander fa fa-plus" id="nvd-side-menu-search"
data-expander-name="searchSide" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="searchSide">
<ul>
<li><a href="/vuln/search">Vulnerability Search</a></li>
<li><a href="/products/cpe/search">CPE Search</a></li>
</ul>
</div></li>
</ul>
</nav>
<div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12">
<div class="col-md-4" style="padding:0px;">
<div class="text-center">
<span class="carousel-title">
<a href="https://www.nist.gov/itl/nvd">
<img alt="Icon for New NVD Communications and Status Updates Page"
src="/site-media/images/LandingPage/readAllAboutIt800x632.png"
style="width: 300px; height: 237px;"
title="New NVD Communications and Status Updates Page">
<br/>
<strong>New Communications Page</strong>
</a>
</span>
</div>
</div>
<div class="col-md-4" style="padding:0px;">
<div class="text-center">
<span class="carousel-title">
<a href="/general/news/cvss-v4-0-official-support">
<img alt="The NVD now supports CVSS version 4.0!"
src="/site-media/images/LandingPage/cvssV4_0Logo.png"
style="width: 300px; height: 237px;"
title="The NVD now supports CVSS version 4.0!">
<br/>
<strong>CVSS v4.0 Support</strong>
</a>
</span>
</div>
</div>
<div class="row">
<div class="col-md-4" style="padding:0px;">
<div class="text-center">
<span class="carousel-title">
<a href="/general/news/api-20-announcements">
<img alt="The letters N V D typed out in binary"
src="/site-media/images/LandingPage/apiGuidance800x632.png"
style="width: 300px; height: 237px;"
title="Whats new in API two">
<br/>
<strong>2.0 APIs</strong>
</a>
</span>
</div>
</div>
</div>
<br/> <span>The NVD is the U.S. government repository
of standards based vulnerability management data represented using
the Security Content Automation Protocol (SCAP). This data enables
automation of vulnerability management, security measurement, and
compliance. The NVD includes databases of security checklist
references, security-related software flaws, product names, and
impact metrics.</span> <br/> <br/>
<span>For information on how to cite the NVD, including the
database's Digital Object Identifier (DOI), please consult <a href="https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436">
NIST's Public Data Repository</a>.</span>
<br/> <br/>
<div id="legal-disclaimer">
<h4>Legal Disclaimer:</h4>
<p>
Here is where you can read the NVD <a href="general/legal-disclaimer">legal disclaimer</a>.
</p>
</div>
<div>
<div class="row">
<div class="col-md-12 col-sm-12">
<div id="vulnResultsPanel">
<!-- Results Panel -->
<div id="latestVulnsArea">
<div id="latestVulnsTitleRow" class="row">
<span class="hidden-md col-lg-9"> <strong class="h4Size">Last
20 Scored Vulnerability IDs &amp; Summaries</strong>
</span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS
Severity </strong>
</span>
</div>
<ul id="latestVulns">
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-35017"
id="cveDetailAnchor-0">CVE-2023-35017</a></strong> - IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
<br> <strong>Published:</strong>
January 28, 2025; 7:15:07 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-0">
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-33838"
id="cveDetailAnchor-1">CVE-2023-33838</a></strong> - IBM Security Verify Governance 10.0.2 Identity Manager
uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
<br> <strong>Published:</strong>
January 28, 2025; 9:15:26 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-1">
<span id="cvss3-link-1"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-33838&amp;vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-1" aria-label="V3 score for CVE-2023-33838">4.9 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-37412"
id="cveDetailAnchor-2">CVE-2023-37412</a></strong> - IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
<br> <strong>Published:</strong>
January 29, 2025; 12:15:26 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-2">
<span id="cvss3-link-2"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-37412&amp;vector=AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-2" aria-label="V3 score for CVE-2023-37412">4.9 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-37413"
id="cveDetailAnchor-3">CVE-2023-37413</a></strong> - IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
<br> <strong>Published:</strong>
January 29, 2025; 12:15:26 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-3">
<span id="cvss3-link-3"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-37413&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-3" aria-label="V3 score for CVE-2023-37413">5.3 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-50309"
id="cveDetailAnchor-4">CVE-2023-50309</a></strong> - IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
<a
href="/vuln/detail/CVE-2023-50309#vulnDescriptionTitle">read CVE-2023-50309</a><br> <strong>Published:</strong>
January 22, 2025; 10:15:08 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-4">
<span id="cvss3-link-4"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-50309&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-4" aria-label="V3 score for CVE-2023-50309">5.4 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2023-32340"
id="cveDetailAnchor-5">CVE-2023-32340</a></strong> - IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
<a
href="/vuln/detail/CVE-2023-32340#vulnDescriptionTitle">read CVE-2023-32340</a><br> <strong>Published:</strong>
January 22, 2025; 10:15:08 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-5">
<span id="cvss3-link-5"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-32340&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-5" aria-label="V3 score for CVE-2023-32340">5.4 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2025-1283"
id="cveDetailAnchor-6">CVE-2025-1283</a></strong> - The Dingtian DT-R0 Series is vulnerable to an exploit that allows
attackers to bypass login requirements by directly navigating to the
main page.
<br> <strong>Published:</strong>
February 13, 2025; 5:15:11 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-6">
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2025-22896"
id="cveDetailAnchor-7">CVE-2025-22896</a></strong> - mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
<br> <strong>Published:</strong>
February 13, 2025; 5:15:11 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-7">
<span id="cvss3-link-7"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-22896&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-7" aria-label="V3 score for CVE-2025-22896">7.5 HIGH</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2025-23411"
id="cveDetailAnchor-8">CVE-2025-23411</a></strong> - mySCADA myPRO Manager
is vulnerable to cross-site request forgery (CSRF), which could allow
an attacker to obtain sensitive information. An attacker would need to
trick the victim in to visiting an attacker-controlled website.
<br> <strong>Published:</strong>
February 13, 2025; 5:15:11 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-8">
<span id="cvss3-link-8"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-23411&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-8" aria-label="V3 score for CVE-2025-23411">6.5 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2025-24865"
id="cveDetailAnchor-9">CVE-2025-24865</a></strong> - The administrative web interface of
mySCADA myPRO Manager
can be accessed without authentication
which could allow an unauthorized attacker to retrieve sensitive
information and upload files without the associated password.
<br> <strong>Published:</strong>
February 13, 2025; 5:15:12 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-9">
<span id="cvss3-link-9"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-24865&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST"
class="label label-critical" data-testid="vuln-cvss3-link-9" aria-label="V3 score for CVE-2025-24865">9.8 CRITICAL</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2025-25067"
id="cveDetailAnchor-10">CVE-2025-25067</a></strong> - mySCADA myPRO Manager
is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
<br> <strong>Published:</strong>
February 13, 2025; 5:15:12 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-10">
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2024-13682"
id="cveDetailAnchor-11">CVE-2024-13682</a></strong> - The Wallet System for WooCommerce Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incor...
<a
href="/vuln/detail/CVE-2024-13682#vulnDescriptionTitle">read CVE-2024-13682</a><br> <strong>Published:</strong>
March 04, 2025; 4:15:09 AM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-11">
<span id="cvss3-link-11"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-13682&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N&amp;version=3.1&amp;source=Wordfence"
class="label label-warning" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2024-13682">4.3 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2024-13724"
id="cveDetailAnchor-12">CVE-2024-13724</a></strong> - The Wallet System for WooCommerce Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possibl...
<a
href="/vuln/detail/CVE-2024-13724#vulnDescriptionTitle">read CVE-2024-13724</a><br> <strong>Published:</strong>
March 04, 2025; 4:15:10 AM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-12">
<span id="cvss3-link-12"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-13724&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2024-13724">4.3 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2024-9618"
id="cveDetailAnchor-13">CVE-2024-9618</a></strong> - The Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, &amp; Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due t...
<a
href="/vuln/detail/CVE-2024-9618#vulnDescriptionTitle">read CVE-2024-9618</a><br> <strong>Published:</strong>
March 04, 2025; 4:15:10 AM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-13">
<span id="cvss3-link-13"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-9618&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-13" aria-label="V3 score for CVE-2024-9618">5.4 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
<div class="col-lg-9">
<p>
<strong><a href="/vuln/detail/CVE-2024-45426"
id="cveDetailAnchor-14">CVE-2024-45426</a></strong> - Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
<br> <strong>Published:</strong>
February 25, 2025; 3:15:35 PM -0500
</p>
</div>
<div class="col-lg-3">
<p id="severity-score-14">
<span id="cvss3-link-14"> <em>V3.1:</em> <a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-45426&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2024-45426">6.5 MEDIUM</a><br />
</span>
</p>
</div>
</li>
<li>
  <!-- The description is cut off with "..." in this listing; the "read CVE" link
       points at the description section of the detail page.
       CVSS v3.1 vector in the calculator link: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
       (network attack vector, low complexity, low privileges, no user interaction,
       scope unchanged, low integrity impact only). -->
  <div class="col-lg-9">
    <p>
      <strong><a id="cveDetailAnchor-15" href="/vuln/detail/CVE-2025-27146">CVE-2025-27146</a></strong> - matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands e...
      <a href="/vuln/detail/CVE-2025-27146#vulnDescriptionTitle">read CVE-2025-27146</a><br> <strong>Published:</strong>
      February 25, 2025; 3:15:38 PM -0500
    </p>
  </div>
  <div class="col-lg-3">
    <p id="severity-score-15">
      <span id="cvss3-link-15">
        <em>V3.1:</em>
        <a class="label label-warning"
           href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-27146&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N&amp;version=3.1&amp;source=NIST"
           data-testid="vuln-cvss3-link-15"
           aria-label="V3 score for CVE-2025-27146">4.3 MEDIUM</a><br>
      </span>
    </p>
  </div>
</li>
<li>
  <!-- CVSS v3.1 vector in the calculator link: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
       (local attack vector, low complexity, low privileges, no user interaction,
       scope unchanged, high confidentiality, integrity and availability impact). -->
  <div class="col-lg-9">
    <p>
      <strong><a id="cveDetailAnchor-16" href="/vuln/detail/CVE-2025-20626">CVE-2025-20626</a></strong> - in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
      <br> <strong>Published:</strong>
      March 03, 2025; 11:15:13 PM -0500
    </p>
  </div>
  <div class="col-lg-3">
    <p id="severity-score-16">
      <span id="cvss3-link-16">
        <em>V3.1:</em>
        <a class="label label-danger"
           href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-20626&amp;vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST"
           data-testid="vuln-cvss3-link-16"
           aria-label="V3 score for CVE-2025-20626">7.8 HIGH</a><br>
      </span>
    </p>
  </div>
</li>
<li>
  <!-- The description is cut off with "..." in this listing; the "read CVE" link
       points at the description section of the detail page.
       CVSS v3.1 vector in the calculator link: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
       (network attack vector, low complexity, low privileges, user interaction
       required, scope changed, low confidentiality and integrity impact). -->
  <div class="col-lg-9">
    <p>
      <strong><a id="cveDetailAnchor-17" href="/vuln/detail/CVE-2025-0433">CVE-2025-0433</a></strong> - The Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, &amp; Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in all versions up to, and including, 2.0.7.1 due...
      <a href="/vuln/detail/CVE-2025-0433#vulnDescriptionTitle">read CVE-2025-0433</a><br> <strong>Published:</strong>
      March 04, 2025; 4:15:10 AM -0500
    </p>
  </div>
  <div class="col-lg-3">
    <p id="severity-score-17">
      <span id="cvss3-link-17">
        <em>V3.1:</em>
        <a class="label label-warning"
           href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-0433&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST"
           data-testid="vuln-cvss3-link-17"
           aria-label="V3 score for CVE-2025-0433">5.4 MEDIUM</a><br>
      </span>
    </p>
  </div>
</li>
<li>
  <!-- CVSS v3.1 vector in the calculator link: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
       (network attack vector, low complexity, no privileges, no user interaction,
       scope unchanged, high availability impact only), matching the
       denial-of-service nature of the ReDoS described below. -->
  <div class="col-lg-9">
    <p>
      <strong><a id="cveDetailAnchor-18" href="/vuln/detail/CVE-2022-42966">CVE-2022-42966</a></strong> - An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method
      <br> <strong>Published:</strong>
      November 09, 2022; 3:15:10 PM -0500
    </p>
  </div>
  <div class="col-lg-3">
    <p id="severity-score-18">
      <span id="cvss3-link-18">
        <em>V3.1:</em>
        <a class="label label-danger"
           href="/vuln-metrics/cvss/v3-calculator?name=CVE-2022-42966&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&amp;version=3.1&amp;source=NIST"
           data-testid="vuln-cvss3-link-18"
           aria-label="V3 score for CVE-2022-42966">7.5 HIGH</a><br>
      </span>
    </p>
  </div>
</li>
<li>
  <!-- The description is cut off with "..." in this listing; the "read CVE" link
       points at the description section of the detail page.
       CVSS v3.1 vector in the calculator link: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
       (network attack vector, low complexity, low privileges, user interaction
       required, scope changed, low confidentiality and integrity impact). -->
  <div class="col-lg-9">
    <p>
      <strong><a id="cveDetailAnchor-19" href="/vuln/detail/CVE-2024-56285">CVE-2024-56285</a></strong> - Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1...
      <a href="/vuln/detail/CVE-2024-56285#vulnDescriptionTitle">read CVE-2024-56285</a><br> <strong>Published:</strong>
      January 07, 2025; 6:15:10 AM -0500
    </p>
  </div>
  <div class="col-lg-3">
    <p id="severity-score-19">
      <span id="cvss3-link-19">
        <em>V3.1:</em>
        <a class="label label-warning"
           href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-56285&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST"
           data-testid="vuln-cvss3-link-19"
           aria-label="V3 score for CVE-2024-56285">5.4 MEDIUM</a><br>
      </span>
    </p>
  </div>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
<!-- Page provenance line: the created and last-updated dates of this page. -->
<div id="historical-data-area" class="col-md-12 historical-data-area">
  <span>
    Created
    <span id="page-created-date">
      <span>September 20, 2022</span>
    </span>,
  </span>
  Updated
  <span id="page-updated-date">
    <span>August 27, 2024</span>
  </span>
</div>
</div>
</div>
</div>
</div>
</div>
</main>
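<!-- Site footer: social links, NIST logo (desktop and mobile variants),
     contact details, and the standard NIST policy links. -->
<footer id="footer" role="contentinfo">
  <div class="container">
    <div class="row">
      <div class="col-sm-12">
        <!-- Every social link opens a new tab on a third-party origin;
             rel="noopener noreferrer" keeps the opened page from reaching this
             window through window.opener and withholds the Referer header. -->
        <ul class="social-list pull-right">
          <li class="field-item service-twitter list-horiz">
            <a class="social-btn social-btn--large extlink ext"
               href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer">
              <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span>
            </a>
          </li>
          <li class="field-item service-facebook list-horiz">
            <a class="social-btn social-btn--large extlink ext"
               href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer">
              <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span>
            </a>
          </li>
          <li class="field-item service-linkedin list-horiz">
            <a class="social-btn social-btn--large extlink ext"
               href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer">
              <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span>
            </a>
          </li>
          <li class="field-item service-youtube list-horiz">
            <a class="social-btn social-btn--large extlink ext"
               href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer">
              <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span>
            </a>
          </li>
          <li class="field-item service-rss list-horiz">
            <a class="social-btn social-btn--large extlink"
               href="https://www.nist.gov/news-events/nist-rss-feeds"
               target="_blank" rel="noopener noreferrer">
              <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
            </a>
          </li>
          <li class="field-item service-govdelivery list-horiz last">
            <a class="social-btn social-btn--large extlink ext"
               href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
               target="_blank" rel="noopener noreferrer">
              <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span>
            </a>
          </li>
        </ul>
        <!-- Desktop logo. The original anchor had no href, so it was not a
             working link; it now mirrors the mobile logo link below. -->
        <span class="hidden-xs">
          <a class="footer-nist-logo" href="https://www.nist.gov"
             title="National Institute of Standards and Technology"
             target="_blank" rel="home noopener noreferrer">
            <img src="/site-media/images/nist/nist-logo.png"
                 alt="National Institute of Standards and Technology logo">
          </a>
        </span>
      </div>
    </div>
    <div class="row hidden-sm hidden-md hidden-lg">
      <div class="col-sm-12">
        <!-- Mobile logo. The original carried two rel attributes; an HTML parser
             keeps only the first, so "noopener noreferrer" was silently dropped.
             All tokens now live in a single rel attribute. -->
        <a class="footer-nist-logo" href="https://www.nist.gov"
           title="National Institute of Standards and Technology"
           target="_blank" rel="home noopener noreferrer">
          <img src="/site-media/images/nist/nist-logo.png"
               alt="National Institute of Standards and Technology logo">
        </a>
      </div>
    </div>
    <div class="row footer-contact-container">
      <div class="col-sm-6">
        <strong>HEADQUARTERS</strong>
        <br>
        100 Bureau Drive
        <br>
        Gaithersburg, MD 20899
        <br>
        <a href="tel:301-975-2000">(301) 975-2000</a>
        <br>
        <br>
        <a href="mailto:nvd@nist.gov">Webmaster</a> | <a
          href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
        | <a href="https://www.nist.gov/about-nist/visit"
          style="display: inline-block;">Our Other Offices</a>
      </div>
      <div class="col-sm-6">
        <div class="pull-right"
             style="text-align:right">
          <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
          <br>
          US-CERT Security Operations Center
          <br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
          <br> Phone: 1-888-282-0870
        </div>
      </div>
    </div>
    <div class="row">
      <!-- aria-label replaces the title attribute: title is not reliably
           announced by assistive technology as the landmark's name. -->
      <nav class="row footer-bottom-links-container" role="navigation"
           aria-label="Footer Navigation">
        <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
        <p>
          <a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
          |
          <a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
          |
          <a href="https://www.nist.gov/privacy">Privacy Program</a>
          |
          <a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
          |
          <a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
          |
          <a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
          |
          <a href="https://www.nist.gov/foia">FOIA</a>
          |
          <a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
          |
          <a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
          |
          <a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
          |
          <a href="https://www.commerce.gov/">Commerce.gov</a>
          |
          <a href="https://www.science.gov/">Science.gov</a>
          |
          <a href="https://www.usa.gov/">USA.gov</a>
        </p>
      </nav>
    </div>
  </div>
</footer>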
</body>
</html>