{
"id": "CVE-2013-4521",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-02-06T16:15:11.087",
"lastModified": "2024-11-21T01:55:43.977",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de RichFaces en Nuxeo Platform versi\u00f3n 5.6.0 anterior a HF27 y versi\u00f3n 5.8.0 anterior a HF-01, no restringe las clases para las que los m\u00e9todos de deserializaci\u00f3n pueden ser llamados, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de datos serializados dise\u00f1ados. NOTA: esta vulnerabilidad puede solaparse con CVE-2013-2165."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "42899695-FAB5-4F81-86BE-89E3089CBB36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix01:*:*:*:*:*:*",
"matchCriteriaId": "43160374-78C9-41E4-9884-C78ECD42B6AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix02:*:*:*:*:*:*",
"matchCriteriaId": "03A3A542-E589-441A-8A8D-B997C9E028F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix03:*:*:*:*:*:*",
"matchCriteriaId": "E4D3B6C0-EEA6-4BAE-9992-8C439204D03D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix04:*:*:*:*:*:*",
"matchCriteriaId": "2DB7EFE4-DC2D-4DA9-B194-848E2DE3A16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix05:*:*:*:*:*:*",
"matchCriteriaId": "C4AD54AC-9115-4782-8CA1-F278C79A3C66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix06:*:*:*:*:*:*",
"matchCriteriaId": "DA1D0325-34F3-436D-A527-BFDC884E3C8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix07:*:*:*:*:*:*",
"matchCriteriaId": "C6C63873-5E2A-4FFD-9681-F2D6BE281237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix08:*:*:*:*:*:*",
"matchCriteriaId": "BBB4C6A4-E296-4697-BBAE-A862DFAF6665"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix09:*:*:*:*:*:*",
"matchCriteriaId": "71877702-48D7-4EE8-9A7C-C9CEDD63C4A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix10:*:*:*:*:*:*",
"matchCriteriaId": "DCAFE86A-E0A6-44CF-8692-BE75EDDF3700"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix11:*:*:*:*:*:*",
"matchCriteriaId": "74CA7501-3BC6-4227-A865-5D7B378D590A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix12:*:*:*:*:*:*",
"matchCriteriaId": "726CB6C8-73BF-46D7-806E-731325D70A95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix13:*:*:*:*:*:*",
"matchCriteriaId": "DF2D5F08-5993-4900-A543-9ADE64E16755"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix14:*:*:*:*:*:*",
"matchCriteriaId": "2B8F70D1-ED38-4689-8DA9-110972170438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix15:*:*:*:*:*:*",
"matchCriteriaId": "B86C501E-D555-4CAF-AC09-40A35855C218"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix16:*:*:*:*:*:*",
"matchCriteriaId": "F6978E83-F831-4EB9-B3EF-A05FF733E596"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix17:*:*:*:*:*:*",
"matchCriteriaId": "22F818F2-EBFE-48BB-AE44-1F865EE1AC51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix18:*:*:*:*:*:*",
"matchCriteriaId": "D5C523C0-E03D-4E97-AAD8-86E387D95296"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix19:*:*:*:*:*:*",
"matchCriteriaId": "1315D200-164D-4FB6-A46F-6F70AD7C8234"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix20:*:*:*:*:*:*",
"matchCriteriaId": "2B83B5A9-42B7-4B1C-9B58-0298B69B5568"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix21:*:*:*:*:*:*",
"matchCriteriaId": "07030217-791D-4EE2-AD44-B0147B88CCA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix22:*:*:*:*:*:*",
"matchCriteriaId": "9CCEFC5B-EF57-4FBC-AC4C-CBA29103A8AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix23:*:*:*:*:*:*",
"matchCriteriaId": "6E14078D-A0B5-4FC5-B713-A06FE53B38AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix24:*:*:*:*:*:*",
"matchCriteriaId": "C4BE4C3E-FC4C-4A78-A9C1-0FB4D597CA4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix25:*:*:*:*:*:*",
"matchCriteriaId": "FE2ED381-5DF4-4905-9564-7C897F7DD3A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix26:*:*:*:*:*:*",
"matchCriteriaId": "8281BE24-66D7-4F72-B656-6795F6A50AB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nuxeo:nuxeo:5.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AE2E0C2C-0CE4-45F6-A2A4-85D4F21792FF"
}
]
}
]
}
],
"references": [
{
"url": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec",
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}