{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3113", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "state": "PUBLISHED", "assignerShortName": "Perforce", "dateReserved": "2025-04-02T10:24:35.710Z", "datePublished": "2025-04-17T06:41:47.667Z", "dateUpdated": "2025-04-17T19:00:48.208Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Continuous Compliance, Containerized Masking", "product": "Delphix", "vendor": "Perforce", "versions": [{"lessThan": "2025.2.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-04-17T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.</span><br>"}], "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-04-17T06:50:51.255Z"}, "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Access Control in Delphix Masking Engine", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T18:41:49.910846Z", "id": "CVE-2025-3113", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:00:48.208Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T18:41:49.910846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:52:53.347Z"}}], "cna": {"title": "Improper Access Control in Delphix Masking Engine", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Perforce", "product": "Delphix", "versions": [{"status": "affected", "version": "0", "lessThan": "2025.2.0.1", "versionType": "custom"}], "packageName": "Continuous Compliance, Containerized Masking", "defaultStatus": "unaffected"}], "datePublic": "2025-04-17T04:00:00.000Z", "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-04-17T06:50:51.255Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3113", "state": "PUBLISHED", "dateUpdated": "2025-04-17T19:00:48.208Z", "dateReserved": "2025-04-02T10:24:35.710Z", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "datePublished": "2025-04-17T06:41:47.667Z", "assignerShortName": "Perforce"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets."}], "id": "CVE-2025-3113", "lastModified": "2025-04-17T20:21:48.243", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@puppet.com", "type": "Secondary"}]}, "published": "2025-04-17T07:15:43.790", "references": [{"source": "security@puppet.com", "url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@puppet.com", "type": "Secondary"}]}

{}

{}