Headline
CVE-2023-2904: Security Center | HID Global
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
Welcome to the HID Global Security Center. We take physical and digital security very seriously, with our experienced teams continuously working to strengthen security across our portfolio. To help this ongoing effort, we welcome input from customers, partners, end-users, and industry experts.
This site is designed to provide a destination for reporting security issues with HID Global products or technologies. Once submitted, our team will work quickly to identify, analyze, and respond to known vulnerabilities and provide action steps to help you manage security risks.
To access information and instructions on how to use the HID Global Security Resources Center, please click on the topics below.
Disclosure Policy
Report Vulnerability
HID Product Security Advisories
Disclosure Policy****HID Global’s Responsible Disclosure Policy
HID Global Corporation’s (“HID” or “HID Global”) mission is to power the trusted identities of the world’s people, places, and things and making it possible for people to transact safely, work productively, and travel freely. We recognize that succeeding in this mission depends on our continued ability to provide secure products, services, and websites.
The importance of the security community is well-recognized within HID, and we welcome disclosures and collaboration with security researchers and others.
If you believe you have found a security vulnerability that could impact HID Global, our customers, or our end users, we ask that you notify us immediately. We will investigate all legitimate reports.
We appreciate your contributions to protecting our customers, users, and businesses.
Scope
All HID Global products, services, and websites are within scope.
Please note that we cannot authorize out-of-scope testing on a third-party products or services. Vulnerabilities discovered in third-party products or services should be reported to appropriate vendor.
Reporting
Please use the form below to report a vulnerability.
Disclosure
- HID Global will follow standard industry practices for coordinated and responsible vulnerability disclosure. We ask all vulnerability reporters to do the same by allowing HID Global the opportunity to remediate reported vulnerabilities and for us to notify our affected customers and users before you disclose or share the vulnerability or methods to exploit with any third party.
- HID Global product security advisories will be made publicly available at https://hidgobal.com/security-center and/or directly communicated to affected customers.
Safe Harbor
HID Global believes that security research performed in good-faith should be provided safe-harbor. Therefore, HID Global will not initiate or recommend any law enforcement or civil lawsuits related to activities conducted in good faith and compliance with all applicable laws, and in a manner consistent with the expectations of this policy.
Expectations
- Make a good faith effort to avoid harm to HID Global, our customers, and our end-users, including, but not limited to: privacy violations, destruction of data, and interruption or degradation of our services.
- Do not access or attempt to access HID Global offices, data centers, or user accounts.
- Do not test for spam, perform phishing, social engineer, or intentionally cause denial of service issues for HID Global services.
- Do not access or attempt to access our customer or end-users’ offices, data centers, user accounts, or attempt other forms of penetration testing without the direct, written approval of the system owner.
- Comply with all applicable laws and regulations; do not disrupt or compromise any data that is not your own, or further exploit a confirmed vulnerability.
- If a vulnerability provides unintended access to data, limit the amount of data you access to the minimum required to demonstrate a proof of concept. After HID validates your report, properly dispose of all copies of the data.
- Promptly report your findings to us through our approved channels.
HID Product Security Advisories
Severity
Identifier
Title
Product
Date
HIGH
HID-PSA-2023-001
SAFE Visitor Manager Portal (CVE-2023-2904)
SAFE
1-JUN-2023
HIGH
HID-PSA-2022-004
OpenSSL (CVE-2022-3602 & CVE-2022-3786)
All
01-NOV-2022
HIGH
HID-PSA-2022-003
BN_mod_sqrt() – Denial of Service
ActivID Authentication
Appliance
09-MAY-2022
CRITICAL
HID-PSA-2022-002
HID SAFE – Yellowfin and SpringShell
HID SAFE versions 5.13
to version 5.17
29-APR-2022
HIGH
HID-PSA-2022-001
iOS Device State Detection
HID Approve
13-APR-2022
CRITICAL
HID-PSA-2021-05v3
Apache Log4j
ActivClient 7.3
05-JAN-2022
CRITICAL
HID-PSA-2021-004v4
Apache Log4j
Authentication Appliance
Authentication Server
17-DEC-2021
CRITICAL
HID-PSA-2021-003v5
Apache Log4j
All
23-DEC-2021
Information
HID-PSA-2021-02
Denial of Service Attacks on Bluetooth® Enabled Readers
HID® iCLASS SE® Readers with a Bluetooth® module,
HID® iCLASS SE® Express & RB25F Readers,
HID® Signo™ Readers,
HID® iCLASS SE® Reader Modules with Bluetooth Low Energy Extender modules,
HID® OMNIKEY® Readers 5x27CK
9-AUG-2021
Information
HID-PSA-2021-01
Microsoft Exchange
None
17-MAR-2021
Information
HID-PSA-2020-003
SolarWinds
None
18-DEC-2020
Active Investigation
HID-PSA-2020-002v3
nRF52 Fault Injection
HID® iCLASS SE® Express R10
HID® iCLASS SE® RB25F
HID® Signo™ Readers (models 20, 40, 20K, 40K, 25B)
5-APR-2021
CRITICAL
HID-PSA-2020-001
CSRF in OMNIKEY 5x27 Desktop Readers
OMNIKEY® 5427 and OMNIKEY 5127 Readers
02-NOV-2020
Related news
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827.
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
JFrog argues vulnerability risk metrics need complete revamp
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Welcome to this week’s edition of the Threat Source newsletter. I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase
Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.
Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.
Red Hat Security Advisory 2022-7288-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-7288-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Issues addressed include a buffer overflow vulnerability.
By Deeba Ahmed The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
By Deeba Ahmed The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow * CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow * CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext.
Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext.
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to up...
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.