CVE-2023-37219 - OpenCVE

Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tadirantele	Aeonix

Configuration 1 [-]

cpe:2.3:a:tadirantele:aeonix:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-07-30T10:40:47.944Z

Updated: 2024-08-02T17:09:33.260Z

Reserved: 2023-06-28T20:35:37.791Z

Link: CVE-2023-37219

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-30T11:15:09.947

Modified: 2023-08-04T16:30:43.220

Link: CVE-2023-37219

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37219", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2023-06-28T20:35:37.791Z", "datePublished": "2023-07-30T10:40:47.944Z", "dateUpdated": "2024-08-02T17:09:33.260Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Telecom Composit", "vendor": "Tadiran", "versions": [{"lessThan": "Upgrade to the latest version.", "status": "affected", "version": "version 6.0.0.8 ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gad Abuhatziera "}], "datePublic": "2023-07-30T10:39:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}], "value": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-07-30T10:40:47.944Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the latest version.</span>\n\n<br>"}], "value": "\nUpgrade to the latest version.\n\n\n"}], "source": {"advisory": "ILVN-2023-0121", "discovery": "UNKNOWN"}, "title": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.260Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}]}}