Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-23265

Summary
Assigner-crafter
Assigner Org ID-4ff2b028-869f-4b00-a7b2-05997f6f14fd
Published At-16 May, 2022 | 17:05
Updated At-16 Sep, 2024 | 20:36
Rejected At-
Credits

Improper Privilege Management in Crafter Studio

A logged-in and authenticated user with a Reviewer Role may lock a content item.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:crafter
Assigner Org ID:4ff2b028-869f-4b00-a7b2-05997f6f14fd
Published At:16 May, 2022 | 17:05
Updated At:16 Sep, 2024 | 20:36
Rejected At:
▼CVE Numbering Authority (CNA)
Improper Privilege Management in Crafter Studio

A logged-in and authenticated user with a Reviewer Role may lock a content item.

Affected Products
Vendor
Crafter Software
Product
Crafter CMS
Versions
Affected
  • From 3.1 through 3.1.17 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Faizan Ahmad Wani
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
x_refsource_MISC
Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
x_refsource_MISC
x_transferred
Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@craftersoftware.com
Published At:16 May, 2022 | 17:15
Updated At:30 Aug, 2022 | 16:09

A logged-in and authenticated user with a Reviewer Role may lock a content item.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
craftercms
craftercms
>>crafter_cms>>Versions from 3.1(inclusive) to 3.1.18(exclusive)
cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-269Secondarysecurity@craftersoftware.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: security@craftersoftware.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601security@craftersoftware.com
Vendor Advisory
Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051601
Source: security@craftersoftware.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2021-23261
Matching Score-8
Assigner-Crafter CMS
ShareView Details
Matching Score-8
Assigner-Crafter CMS
CVSS Score-4.5||MEDIUM
EPSS-0.37% / 58.16%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 15:40
Updated-17 Sep, 2024 | 01:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Overriding the system configuration file causes a denial of service

Authenticated administrators may override the system configuration file and cause a denial of service.

Action-Not Available
Vendor-craftercmsCrafter Software
Product-crafter_cmsCrafter CMS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-2433
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 9.41%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 17:51
Updated-12 Aug, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Cloud NGFWPAN-OSPrisma Accessprisma_accesspan-oscloud_ngfw
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-3257
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.99%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Action-Not Available
Vendor-Debian GNU/LinuxMariaDB FoundationOracle Corporation
Product-mariadbdebian_linuxmysqlMySQL Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12528
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 21:15
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.

Action-Not Available
Vendor-mbconnectlineMB connect line
Product-mymbconnect24mbconnect24mymbCONNECT24mbCONNECT24
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-12422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.74%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-storagegrid_webscalen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-8219
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.

Action-Not Available
Vendor-n/aCloud Foundry
Product-capi-releasecf-releaseCloud Foundry
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-10000
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.7||HIGH
EPSS-0.37% / 57.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_reporting_and_analyticsHospitality Reporting and Analytics
CWE ID-CWE-269
Improper Privilege Management
Details not found