CVE-2024-45643

Title (es)
CVE-2024-45643

Fri, 14/03/2025 – 15:15

Type
CWE-327

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-45643

Description (en)
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
5.90

Severity 3.1 (text)
MEDIUM

References

  • https://www.ibm.com/support/pages/node/7185938

CVE-2024-45638

Title (es)
CVE-2024-45638

Fri, 14/03/2025 – 15:15

Type
CWE-256

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-45638

Description (en)
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.10

Severity 3.1 (text)
MEDIUM

References

  • https://www.ibm.com/support/pages/node/7185938

CVE-2024-47573

Title (es)
CVE-2024-47573

Fri, 14/03/2025 – 15:15

Type
CWE-354

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-47573

Description (en)
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 (text)
MEDIUM

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-23-461
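As an added illustration of the CWE-354 class described in the FortiNDR entry above (this is not Fortinet's code, and the advisory does not describe the real FortiNDR image format or check), the Ruby below contrasts a firmware verifier that only recomputes a CRC32 over an uploaded image with one that verifies a signature against a public key pinned in the verifier. The image layout, the vendor signing key and the attacker's edit are all constructed for the demo:

```ruby
# Added example (not Fortinet code): why a checksum is not an integrity check.
# A verifier that only recomputes a CRC over a firmware image accepts any image
# the attacker re-checksums; a verifier that checks a signature made with the
# vendor's private key does not. Key, image layout and the attacker's edit are
# all constructed for this demo.
require "openssl"
require "zlib"

# Constructed stand-in for the vendor's signing key. A real device ships only
# the pinned public half; the private half never leaves the build system.
VENDOR_KEY = OpenSSL::PKey::RSA.new(2048)
VENDOR_PUBKEY = VENDOR_KEY.public_key

# Constructed image format: 4-byte big-endian CRC32 of the payload, then the
# payload itself.
def pack_with_crc(payload)
  [Zlib.crc32(payload)].pack("N") + payload
end

# Weak verifier (CWE-354 style): only checks that the CRC matches the payload.
# Nothing here depends on a secret, so an attacker can always satisfy it.
def crc_check_passes?(image)
  crc, payload = image.unpack("Na*")
  Zlib.crc32(payload) == crc
end

# Strong verifier: RSA signature over the whole image, checked with a pinned
# public key. Re-signing a modified image needs the vendor's private key.
def sign_image(image, key = VENDOR_KEY)
  key.sign(OpenSSL::Digest.new("SHA256"), image)
end

def signature_check_passes?(image, signature, pubkey = VENDOR_PUBKEY)
  pubkey.verify(OpenSSL::Digest.new("SHA256"), signature, image)
rescue OpenSSL::PKey::PKeyError
  false
end

# What an attacker with write access to the maintenance upload does: change the
# payload, then recompute the CRC so the weak check still passes.
def attacker_tamper(image)
  _crc, payload = image.unpack("Na*")
  pack_with_crc(payload.sub("boot=normal", "boot=backdoor"))
end

# Runs both verifiers on the original and the tampered image.
def demo
  original = pack_with_crc("FWv7.4.2 boot=normal")
  sig = sign_image(original)
  tampered = attacker_tamper(original)
  {
    original_crc: crc_check_passes?(original),
    tampered_crc: crc_check_passes?(tampered),            # true: attacker fixed the CRC
    original_sig: signature_check_passes?(original, sig),
    tampered_sig: signature_check_passes?(tampered, sig)  # false: no private key
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point a reviewer of an upload handler should check: the integrity value must be bound to a key the attacker cannot hold (a signature, or at minimum an HMAC with a device-provisioned key), it must be checked before any part of the image is written or parsed, and the "Read/Write on system maintenance" privilege in the advisory must not be enough to replace the public key used for verification.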

CVE-2024-46662

Title (es)
CVE-2024-46662

Fri, 14/03/2025 – 15:15

Type
CWE-77

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2024-46662

Description (en)
An improper neutralization of special elements used in a command ('command injection') vulnerability in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-24-222

CVE-2025-2000

Title (es)
CVE-2025-2000

Fri, 14/03/2025 – 13:15

Type
CWE-502

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-2000

Description (en)
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload, without privilege escalation, when QPY files are deserialised.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL

References

  • https://www.ibm.com/support/pages/node/7185949

CVE-2025-27595

Title (es)
CVE-2025-27595

Fri, 14/03/2025 – 13:15

Type
CWE-328

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-27595

Description (en)
The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL

References

  • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
  • https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
  • https://sick.com/psirt
  • https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
  • https://www.first.org/cvss/calculator/3.1
  • https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
  • https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf

CVE-2025-27594

Title (es)
CVE-2025-27594

Fri, 14/03/2025 – 13:15

Type
CWE-319

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-27594

Description (en)
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.

14/03/2025

14/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
7.50

Severity 3.1 (text)
HIGH

References

  • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
  • https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
  • https://sick.com/psirt
  • https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
  • https://www.first.org/cvss/calculator/3.1
  • https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
  • https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf
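The two SICK entries above (CVE-2025-27595, weak password hash; CVE-2025-27594, hash sent over a cleartext protocol and accepted as the credential) describe one chain, so one added Ruby example covers both. It is not SICK's code and does not reproduce the DL100's real protocol or hash; the password, wordlist, message layout and the hardened variant are all constructed for the demo, and SICK's actual remediation is whatever the linked advisory states:

```ruby
# Added example (not SICK code, not the real DL100 protocol). Part 1: an
# unsalted fast hash lets anyone who obtains it recover the password from a
# wordlist. Part 2: a cleartext protocol that sends that hash and accepts it as
# the credential lets a sniffer replay it (pass-the-hash) without knowing the
# password. Part 3: a salted slow hash plus a nonce challenge-response stops
# the replay and makes offline guessing expensive. All inputs are constructed.
require "digest"
require "openssl"
require "securerandom"

WORDLIST = %w[123456 password admin service1 Passw0rd! sick1234 letmein].freeze

# --- Part 1: weak, unsalted hash (CWE-328) ----------------------------------
def weak_hash(password)
  Digest::MD5.hexdigest(password)
end

# Offline dictionary attack: one fast hash per guess, no salt to slow it down
# or to stop one precomputed table from covering every device.
def crack_weak_hash(hash, wordlist = WORDLIST)
  wordlist.find { |w| weak_hash(w) == hash }
end

# --- Part 2: cleartext protocol that authenticates with the hash itself -----
# Constructed login message: "user:hash" on the wire, no encryption (CWE-319).
def build_weak_login(user, password)
  "#{user}:#{weak_hash(password)}"
end

# Device side: compares the received hash with the stored one. The hash is
# the credential, so a captured login string is a valid credential forever.
def weak_device_accepts?(stored, login)
  user, hash = login.split(":", 2)
  stored[user] == hash
end

# --- Part 3: salted slow hash + challenge-response --------------------------
# Verifier stored on the device: PBKDF2-HMAC-SHA256 with a per-user salt.
def strong_hash(password, salt, iterations = 100_000)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new("SHA256"))
end

# Device sends a fresh nonce (plus the user's salt); the client answers with
# HMAC(verifier, nonce). The verifier never crosses the wire and an old answer
# is useless against a new nonce.
def challenge_response(verifier, nonce)
  OpenSSL::HMAC.hexdigest("SHA256", verifier, nonce)
end

# Constant-time comparison so the check does not leak via timing.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def strong_device_accepts?(stored, user, nonce, response)
  constant_time_eq?(challenge_response(stored[user], nonce), response)
end

# Walks through attack and fix; returns the outcomes for inspection.
def demo
  password = "service1"
  # Part 1: the leaked hash falls to the wordlist.
  cracked = crack_weak_hash(weak_hash(password))
  # Part 2: a sniffed login string is replayed verbatim and accepted.
  stored_weak = { "admin" => weak_hash(password) }
  sniffed = build_weak_login("admin", password)
  weak_replay = weak_device_accepts?(stored_weak, sniffed)
  # Part 3: first login succeeds, replaying its response against a new nonce fails.
  salt = SecureRandom.random_bytes(16)
  stored_strong = { "admin" => strong_hash(password, salt) }
  nonce1 = SecureRandom.hex(16)
  resp1 = challenge_response(strong_hash(password, salt), nonce1)
  strong_first = strong_device_accepts?(stored_strong, "admin", nonce1, resp1)
  nonce2 = SecureRandom.hex(16)
  strong_replay = strong_device_accepts?(stored_strong, "admin", nonce2, resp1)
  { cracked: cracked, weak_replay: weak_replay, strong_first: strong_first, strong_replay: strong_replay }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Two caveats a practitioner should keep in mind. The challenge-response only removes the replay: a sniffer who captures the salt, nonce and response can still run an offline dictionary attack against the PBKDF2 verifier, which is why the slow hash matters and why the channel itself should be encrypted (TLS or an equivalent) rather than a proprietary cleartext protocol. And the configuration data the advisory mentions is exposed regardless of how authentication is done, so segmenting the device onto a network the attacker cannot sniff is the compensating control until the protocol is fixed.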

CVE-2025-2304

Title (es)
CVE-2025-2304

Fri, 14/03/2025 – 13:15

Type
CWE-915

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-2304

Description (en)
A privilege escalation through mass assignment exists in Camaleon CMS.

When a user wishes to change their password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

14/03/2025

14/03/2025

CVSS:4.0 vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
9.40

Severity 4.0 (text)
CRITICAL

Severity 3.1 (text)
Pending analysis

References

  • https://github.com/owen2345/camaleon-cms
  • https://www.tenable.com/security/research/tra-2025-09
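To show what the permit! pattern from the Camaleon CMS entry above does in practice, here is an added Ruby example. It is not Camaleon's code and does not depend on Rails: `Params` is a small stand-in for the permit/permit! behaviour of ActionController::Parameters, `User` stands in for the model, and the request hash is constructed so that a password change carries an extra `role` field. The only thing taken from the advisory is the pattern itself (permit! followed by an update in a password-change action):

```ruby
# Added example, not Camaleon CMS code. A minimal imitation of Rails strong
# parameters that shows why permit! in a password-change action is a
# privilege escalation: every key the client sends reaches the model.
# Params, User and the request body are constructed for this demo.

# Stand-in for ActionController::Parameters: permit! allows every key,
# permit(*keys) keeps only the listed ones.
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # Dangerous: lets every client-supplied key through unfiltered.
  def permit!
    @hash.dup
  end

  # Allow-list: only the listed keys survive.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @hash.select { |k, _| allowed.include?(k) }
  end
end

# Stand-in for the User model: update assigns every attribute it is given,
# as an ActiveRecord model does with an unfiltered attribute hash.
class User
  attr_accessor :username, :password, :password_confirmation, :role

  def initialize(username:, password:, role: "client")
    @username = username
    @password = password
    @role = role
  end

  def update(attrs)
    attrs.each { |k, v| public_send("#{k}=", v) if respond_to?("#{k}=") }
    self
  end
end

# Constructed request body: a low-privilege user changes their password and
# slips a role field into the same form submission.
MALICIOUS_REQUEST = { "password" => "newpass", "password_confirmation" => "newpass", "role" => "admin" }.freeze

# Vulnerable pattern named in the advisory: permit! then update.
def update_password_vulnerable(user, params)
  user.update(Params.new(params).permit!)
end

# Fixed pattern: allow-list the fields a password change may touch.
def update_password_fixed(user, params)
  user.update(Params.new(params).permit(:password, :password_confirmation))
end

# Runs the same request through both handlers and reports the resulting role.
def demo
  vulnerable = update_password_vulnerable(User.new(username: "bob", password: "old"), MALICIOUS_REQUEST)
  fixed = update_password_fixed(User.new(username: "bob", password: "old"), MALICIOUS_REQUEST)
  { vulnerable_role: vulnerable.role, fixed_role: fixed.role, fixed_password: fixed.password }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In a real Rails application the equivalent remedy is `params.require(:user).permit(:password, :password_confirmation)` in that action, and a code-review grep for `permit!` across controllers is the quickest way to find the same class of bug elsewhere; whether Camaleon's own fix took exactly that form is not stated in the entry above.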

CVE-2025-29776

Title (es)
CVE-2025-29776

Fri, 14/03/2025 – 14:15

Type
CWE-835

Severity 2.0 (text)
Pending analysis

Title (en)
CVE-2025-29776

Description (en)
Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.

14/03/2025

14/03/2025

CVSS:4.0 vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity 4.0
8.70

Severity 4.0 (text)
HIGH

Severity 3.1 (text)
Pending analysis

References

  • https://github.com/demergent-labs/azle/releases/tag/0.30.0
  • https://github.com/demergent-labs/azle/security/advisories/GHSA-xc76-5pf9-mx8m