{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-30T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:2674", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"name": "RHSA-2017:2675", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7552", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:2674", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"name": "RHSA-2017:2675", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:11.972Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:2674", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"name": "RHSA-2017:2675", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7552", "datePublished": "2017-09-28T20:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-08-05T16:04:11.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "E67D227E-8AAE-4C87-8318-B6E465CA44CF", "versionEndIncluding": "4.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el editor de archivos de milicore que afecta a las versiones anteriores a la 3.19.0 y a las versiones 4.x anteriores a la 4.5.0, lo que permite que los archivos se ejecuten y se creen. Un atacante podr\u00eda aprovechar esta vulnerabilidad para comprometer otros proyectos de usuarios o equipos almacenados en el sistema de control de c\u00f3digo fuente (SCM) de la instalaci\u00f3n RHMAP Core."}], "id": "CVE-2017-7552", "lastModified": "2024-11-21T03:32:09.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-29T01:34:50.373", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Tomas Rzepka for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "fh-system-dump-tool-0:1.0.0-5.el7", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "fping-0:3.10-4.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "nagios-0:4.0.8-8.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "nagios-plugins-0:2.0.3-3.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "perl-Crypt-CBC-0:2.33-2.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "perl-Crypt-DES-0:2.05-20.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "perl-Net-SNMP-0:6.0.1-7.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "phantomjs-0:1.9.7-3.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "python-meld3-0:0.6.10-1.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "qstat-0:2.11-13.20080912svn311.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "radiusclient-ng-0:0.5.6-9.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "redis-0:2.8.21-2.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "rhmap-fh-openshift-templates-0:4.5.0-11.el7", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "rhmap-mod_authnz_external-0:3.3.1-7.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "sendEmail-0:1.56-2.el7", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "ssmtp-0:2.64-14.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2674", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "supervisor-0:3.1.3-3.el7map", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}, {"advisory": "RHSA-2017:2675", "cpe": "cpe:/a:redhat:mobile_application_platform:4.5", "package": "rhmap45/fh-aaa:1.0.5-12", "product_name": "Red Hat Mobile Application Platform 4.5", "release_date": "2017-09-18T00:00:00Z"}], "bugzilla": {"description": "RHMAP Millicore IDE allows RCE on SCM", "id": "1477797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H", "status": "verified"}, "details": ["A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.", "A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."], "name": "CVE-2017-7552", "public_date": "2017-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7552\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7552"], "threat_severity": "Moderate", "upstream_fix": "fh-scm 3.19.0, fh-scm 4.5.0"}