{"containers": {"cna": {"affected": [{"product": "MaLion for Windows", "vendor": "Intercom, Inc.", "versions": [{"status": "affected", "version": "5.2.1 and earlier (only when \"Remote Control\" is installed)"}]}, {"product": "MaLion for Mac", "vendor": "Intercom, Inc.", "versions": [{"status": "affected", "version": "4.0.1 to 5.2.1 (only when \"Remote Control\" is installed)"}]}], "datePublic": "2017-08-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "MaLion for Windows 5.2.1 and earlier (only when \"Remote Control\" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when \"Remote Control\" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent."}], "problemTypes": [{"descriptions": [{"description": "Authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-11T01:57:01.000Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.intercom.co.jp/information/2017/0801.html"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/vu/JVNVU91587298/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MaLion for Windows", "version": {"version_data": [{"version_value": "5.2.1 and earlier (only when \"Remote Control\" is installed)"}]}}, {"product_name": "MaLion for Mac", "version": {"version_data": [{"version_value": "4.0.1 to 5.2.1 (only when \"Remote Control\" is installed)"}]}}]}, "vendor_name": "Intercom, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MaLion for Windows 5.2.1 and earlier (only when \"Remote Control\" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when \"Remote Control\" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.intercom.co.jp/information/2017/0801.html", "refsource": "MISC", "url": "http://www.intercom.co.jp/information/2017/0801.html"}, {"name": "https://jvn.jp/en/vu/JVNVU91587298/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU91587298/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.095Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.intercom.co.jp/information/2017/0801.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/vu/JVNVU91587298/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10815", "datePublished": "2017-08-04T16:00:00.000Z", "dateReserved": "2017-07-04T00:00:00.000Z", "dateUpdated": "2024-08-05T17:50:12.095Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intercom:malion:*:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "4B1C3A9B-1A0C-4E71-9532-4F6026CC935B", "versionEndIncluding": "5.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intercom:malion:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BAB50670-B628-4109-8CB8-AC1B9A6071F1", "versionEndIncluding": "5.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MaLion for Windows 5.2.1 and earlier (only when \"Remote Control\" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when \"Remote Control\" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent."}, {"lang": "es", "value": "MaLion para Windows versi\u00f3n 5.2.1 y anteriores (solo cuando se instala \"Remote Control\") y MaLion para Mac versi\u00f3n 4.0.1 hasta 5.2.1 (solo cuando se instala \"Remote Control\") permiten a los atacantes remotos omitir la autenticaci\u00f3n para ejecutar comandos u operaciones arbitrarias en el Agente Terminal."}], "id": "CVE-2017-10815", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-04T16:29:00.183", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://www.intercom.co.jp/information/2017/0801.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU91587298/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.intercom.co.jp/information/2017/0801.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/vu/JVNVU91587298/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}