CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1300 – Open redirect in CodeChecker web server
https://notcve.org/view.php?id=CVE-2025-1300
28 Feb 2025 — CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway. This issue affects CodeChecker: through 6.24.5. • https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53829 – Cross-Site Request Forgery in CodeChecker API
https://notcve.org/view.php?id=CVE-2024-53829
21 Jan 2025 — CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to bein... • https://github.com/Ericsson/codechecker/security/advisories/GHSA-f8c8-4pm7-w885 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10082
https://notcve.org/view.php?id=CVE-2024-10082
06 Nov 2024 — CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything tha... • https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7 • CWE-305: Authentication Bypass by Primary Weakness CWE-330: Use of Insufficiently Random Values CWE-842: Placement of User into Incorrect Group •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10081
https://notcve.org/view.php?id=CVE-2024-10081
06 Nov 2024 — CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. • https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-420: Unprotected Alternate Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25009 – Ericsson Packet Core Controller (PCC) - Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-25009
20 Aug 2024 — Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-packet-core-controller-pcc-august-2024 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25008 – Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-25008
16 Aug 2024 — Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49793 – Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
https://notcve.org/view.php?id=CVE-2023-49793
24 Jun 2024 — CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same p... • https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25007 – Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability
https://notcve.org/view.php?id=CVE-2024-25007
04 Apr 2024 — Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability. Ericsson Network Manager (ENM), versiones anteriores a la 23.1, contiene una vulnerabilidad en la función de exportación ... • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39909
https://notcve.org/view.php?id=CVE-2023-39909
07 Dec 2023 — Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. Ericsson Network Manager anterior a 23.2 maneja mal el control de acceso y, por lo tanto, los usuarios no autenticados con pocos privilegios pueden acceder a la aplicación NCM. • https://www.gruppotim.it/it/footer/red-team.html •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47531
https://notcve.org/view.php?id=CVE-2022-47531
05 Dec 2023 — An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. Se descubrió un problema en las versiones 3.x anteriores a 3.25 y 2.x anteriores a 2.16 de Ericsson Evolved Packet Gateway (EPG), que permite a los usuarios autenticados omitir la Interfaz de Línea de Comandos (CLI) del sistema y ejecutar comandos que están autorizados a e... • https://www.gruppotim.it/it/footer/red-team.html •