CVE-2023-37219 - OpenCVE

Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tadirantele	Aeonix

Configuration 1 [-]

cpe:2.3:a:tadirantele:aeonix:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2023-07-30T10:40:47.944Z

Updated: 2023-07-30T10:40:47.944Z

Reserved: 2023-06-28T20:35:37.791Z

Link: CVE-2023-37219

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-30T11:15:09.947

Modified: 2023-08-04T16:30:43.220

Link: CVE-2023-37219

JSON object: View

Redhat Information

No data.

CWE

CWE-1236

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-37219", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2023-06-28T20:35:37.791Z", "datePublished": "2023-07-30T10:40:47.944Z", "dateUpdated": "2023-07-30T10:40:47.944Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Telecom Composit", "vendor": "Tadiran", "versions": [{"lessThan": "Upgrade to the latest version.", "status": "affected", "version": "version 6.0.0.8 ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gad Abuhatziera "}], "datePublic": "2023-07-30T10:39:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}], "value": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-07-30T10:40:47.944Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the latest version.</span>\n\n<br>"}], "value": "\nUpgrade to the latest version.\n\n\n"}], "source": {"advisory": "ILVN-2023-0121", "discovery": "UNKNOWN"}, "title": " Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}