#ExploitObserverAlert
CVE-2019-12409
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2019-12409. The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
FIRST-EPSS: 0.057530000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-12409
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2019-12409. The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
FIRST-EPSS: 0.057530000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-3602
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2022-3602. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
FIRST-EPSS: 0.023270000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-3602
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2022-3602. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
FIRST-EPSS: 0.023270000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-42287
DESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.926130000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-42287
DESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.926130000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-1732
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2021-1732. Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
FIRST-EPSS: 0.006840000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-1732
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2021-1732. Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
FIRST-EPSS: 0.006840000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2003-0127
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2003-0127. The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
FIRST-EPSS: 0.000430000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2003-0127
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2003-0127. The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
FIRST-EPSS: 0.000430000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-26857
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2021-26857. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.456740000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-26857
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2021-26857. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.456740000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2014-0160
DESCRIPTION: Exploit Observer has 650 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975180000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2014-0160
DESCRIPTION: Exploit Observer has 650 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975180000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0296
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2018-0296. A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
FIRST-EPSS: 0.973590000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2018-0296
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2018-0296. A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
FIRST-EPSS: 0.973590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-21975
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2021-21975. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
FIRST-EPSS: 0.968460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-21975
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2021-21975. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
FIRST-EPSS: 0.968460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-1066
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2020-1066. An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-1066
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2020-1066. An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-13935
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2020-13935. The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
FIRST-EPSS: 0.168170000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-13935
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2020-13935. The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
FIRST-EPSS: 0.168170000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2010-0232
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2010-0232. The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the
CVE-2010-0232
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2010-0232. The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the
#ExploitObserverAlert
CVE-2019-8451
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2019-8451. The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
FIRST-EPSS: 0.971150000
NVD-IS: 2.5
NVD-ES: 3.9
CVE-2019-8451
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2019-8451. The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
FIRST-EPSS: 0.971150000
NVD-IS: 2.5
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8581
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2018-8581. An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
FIRST-EPSS: 0.034210000
NVD-IS: 5.2
NVD-ES: 2.2
CVE-2018-8581
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2018-8581. An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
FIRST-EPSS: 0.034210000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2020-3153
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
FIRST-EPSS: 0.000830000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2020-3153
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
FIRST-EPSS: 0.000830000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2018-8174
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2018-8174. A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.974410000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8174
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2018-8174. A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.974410000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2019-19781
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2019-19781. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
FIRST-EPSS: 0.975070000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-19781
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2019-19781. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
FIRST-EPSS: 0.975070000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-2890
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2019-2890. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.249110000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2019-2890
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2019-2890. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.249110000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-33629
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-33629. H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.
FIRST-EPSS: 0.005340000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-33629
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-33629. H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.
FIRST-EPSS: 0.005340000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2023-2975
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-2975. Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.
Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be mislead by removing
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.
As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries this is qualified as Low severity issue.
FIRST-EPSS: 0.002780000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-2975
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-2975. Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.
Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be mislead by removing
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.
As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries this is qualified as Low severity issue.
FIRST-EPSS: 0.002780000
NVD-IS: 1.4
NVD-ES: 3.9