TippingPoint SMS Vulnerability Inquiries
CVE-2020-15778
Description: This vulnerability affects the scp utility in OpenSSH versions up to 8.3p1. It involves command injection via backticks in the destination argument.
Impact: Exploiting this vulnerability allows arbitrary command execution on the remote server with the user's permissions.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2020-28500
Description: This vulnerability affects Lodash versions prior to 4.17.21. It is a Regular Expression Denial of Service (ReDoS) issue in the toNumber, trim, and trimEnd functions, caused by inefficient handling of crafted input strings that lead to catastrophic backtracking during regex evaluation.
Impact: A remote attacker can exploit this flaw by sending specially crafted input, causing excessive CPU consumption and resulting in a denial-of-service condition for applications using the affected Lodash functions.
Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.
Trend Response: While the application contains Lodash 4.17.15 (a version affected by these CVEs), the specific vulnerable functions are not utilized in the codebase. The CVEs require active usage of the vulnerable functions with untrusted input to be exploitable.
CVE-2021-23337
Description: This vulnerability affects Lodash versions prior to 4.17.21. It is a command injection issue in the template function, caused by improper validation of the variable option, allowing attackers with high privileges to inject and execute arbitrary commands during template processing.
Impact: A successful exploit could lead to disclosure of sensitive information, modification of data, or denial of service. Attackers with sufficient privileges can execute arbitrary commands in the application runtime environment.
Severity: The CVSS score for this vulnerability is 7.2, indicating a high severity level.
Trend Response: While the application contains Lodash 4.17.15 (a version affected by these CVEs), the specific vulnerable functions are not utilized in the codebase. The CVEs require active usage of the vulnerable functions with untrusted input to be exploitable.
CVE-2021-28041
Description: This vulnerability affects OpenSSH versions before 8.5. It has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Impact: The user may not realize whether FIDO authentication is confirming the connection or letting the server connect elsewhere on their behalf.
Severity: The CVSS score for this vulnerability is 7.1, indicating a high severity level.
Trend Response: SMS does not use ssh-agent, so it is not vulnerable to this CVE. In addition, sshd on SMS does not allow agent forwarding, and the PermitTunnel value is ‘no’.
CVE-2021-36368
Description: This vulnerability affects OpenSSH versions before 8.9. It involves an issue with ssh-agent that can allow an attacker to intercept or misuse the client’s authentication credentials if they have compromised the server.
Impact: The user cannot determine whether FIDO authentication is confirming the connection to the server or allowing the server to connect elsewhere on the user's behalf.
Severity: The CVSS score for this vulnerability is 3.7, indicating a low severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2023-3817
Description: This vulnerability affects OpenSSL. Checking excessively long Diffie-Hellman (DH) keys or parameters can be very slow.
Impact: Applications using functions like DH_check(), DH_check_ex(), or EVP_PKEY_param_check() to verify DH keys or parameters may experience long delays. This can potentially lead to a Denial of Service (DoS) if the keys or parameters are from an untrusted source.
Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use the vulnerable OpenSSL functions in the product.
CVE-2023-3823
Description: This vulnerability affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
Impact: Various XML functions rely on libxml global state to track configuration variables. If other modules, like ImageMagick, change this state, it can lead to external XML entities being loaded, potentially disclosing local files accessible to PHP.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-3824
Description: This vulnerability affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
Impact: Insufficient length checking when loading PHAR files can lead to a stack buffer overflow, potentially causing memory corruption or remote code execution (RCE).
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-4807
Description: This vulnerability affects OpenSSL. The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer x86_64 processors supporting AVX512-IFMA instructions.
Impact: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted, leading to various consequences such as incorrect results, application crashes, or denial of service (DoS).
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the vulnerable OpenSSL functions in the product.
CVE-2023-4863
Description: This vulnerability involves a heap buffer overflow in libwebp, affecting Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2.
Impact: It allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 8.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-4911
Description: This vulnerability involves a buffer overflow in the GNU C Library's dynamic loader ld.so, affecting systems that utilize the GLIBC_TUNABLES environment variable.
Impact: It allows a local attacker to exploit the flaw by using maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission, potentially leading to arbitrary code execution with elevated privileges.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it requires both a local attacker and the GLIBC_TUNABLES environment variable, which isn't present.
CVE-2023-5129
Description: This vulnerability involves a heap-based buffer overflow in the libwebp library when processing specially crafted WebP lossless files. The issue arises from improper handling of Huffman codes during the decoding process.
Impact: It allows a remote attacker to exploit the flaw by providing a malicious WebP file, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-5678
Description: This vulnerability involves generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters, which may be very slow.
Impact: Applications that use the functions DH_generate_key() to generate an X9.42 DH key or DH_check_pub_key(), DH_check_pub_key_ex(), or EVP_PKEY_public_check() to check an X9.42 DH key or parameters may experience long delays. If the key or parameters are obtained from an untrusted source, this could lead to a Denial of Service attack.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected functions.
CVE-2023-6246
Description: This vulnerability involves a heap-based buffer overflow in the __vsyslog_internal function of the glibc library. It occurs when the openlog function is not called, or is called with the ident argument set to NULL, and the program name (the basename of argv[0]) is larger than 1024 bytes.
Impact: It allows a local attacker to exploit the flaw, potentially leading to an application crash or local privilege escalation.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected version of glibc.
CVE-2023-38545
Description: This vulnerability involves a heap-based buffer overflow in the SOCKS5 proxy handshake process of curl and libcurl. When curl is asked to pass along a hostname to the SOCKS5 proxy, the maximum length for the hostname is 255 bytes. If the hostname exceeds this length, curl switches to local name resolution. However, due to a bug, the hostname may still be copied to the target buffer, leading to a buffer overflow.
Impact: It allows a remote attacker to exploit the flaw by providing a specially crafted hostname, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected version of the curl package. In addition, curl is not permitted from normal user access mode.
CVE-2023-40000
Description: This vulnerability affects the LiteSpeed Cache plugin for WordPress (versions up to 5.7). It is a stored cross-site scripting (XSS) issue caused by improper input sanitization and output escaping, allowing attackers to inject malicious scripts that persist and execute when other users view affected pages.
Impact: An unauthenticated attacker can exploit this flaw to execute arbitrary JavaScript in a victim’s browser, potentially leading to session hijacking, credential theft, creation of rogue administrator accounts, and full site compromise.
Severity: The CVSS score for this vulnerability is 6.1, indicating a medium severity level.
Trend Response: The reported LiteSpeed Cache plugin is used by WordPress. The SMS doesn’t use WordPress, so it is not affected by the reported vulnerability.
CVE-2023-44487
Description: This vulnerability involves a protocol-level weakness in HTTP/2 known as the "Rapid Reset" attack. It allows for a distributed denial-of-service (DDoS) attack by rapidly resetting many streams, leading to server resource exhaustion.
Impact: It allows a remote attacker to exploit the flaw, potentially causing significant disruption to affected servers by consuming their resources.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't currently support HTTP/2.
CVE-2023-46604
Description: This vulnerability involves a deserialization of untrusted data in the Java OpenWire protocol marshaller, affecting Apache ActiveMQ.
Impact: It allows a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker or client to instantiate any class on the classpath.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use Apache ActiveMQ in the product.
CVE-2023-46445
Description: This vulnerability involves an issue in AsyncSSH before version 2.14.1, where attackers can control the extension info message (RFC 8308) via a man-in-the-middle attack, known as "Rogue Extension Negotiation."
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the extension info message during the SSH handshake process.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use Python in the product.
CVE-2023-46446
Description: This vulnerability involves an issue in AsyncSSH before version 2.14.1, where attackers can control the remote end of an SSH client session via packet injection/removal and shell emulation, known as a "Rogue Session Attack".
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the SSH client session.
Severity: The CVSS score for this vulnerability is 6.8, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use Python in the product.
CVE-2023-48795
Description: This vulnerability involves a protocol-level weakness in the SSH transport protocol with certain OpenSSH extensions. It allows remote attackers to bypass integrity checks, leading to a situation where some packets are omitted during the extension negotiation message. This can result in a connection where some security features are downgraded or disabled, known as the "Terrapin attack."
Impact: It allows a remote attacker to exploit the flaw, potentially leading to a downgrade of security features in the SSH connection, which can compromise the integrity and confidentiality of the data being transmitted.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.2.0.
CVE-2023-50272
Description: This vulnerability involves a security issue in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). It allows for an authentication bypass.
Impact: It allows a remote attacker to exploit the flaw, potentially gaining unauthorized access to the affected systems.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: We don't have an official statement on this topic as iLO is an HP Product. Please see the following page from HP regarding this CVE: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04584en_us&docLocale=en_US
CVE-2023-50387
Description: This vulnerability involves a protocol-level weakness in DNS Security Extensions (DNSSEC) known as the "KeyTrap" vulnerability. It allows remote attackers to cause a denial of service (DoS) by triggering high CPU consumption through DNSSEC responses.
Impact: It allows a remote attacker to exploit the flaw, potentially causing significant disruption to DNS resolvers by consuming their resources during DNSSEC validation.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS isn't impacted as it does not act as a DNS server that can be queried.
CVE-2023-51385
Description: This vulnerability affects OpenSSH versions prior to 9.6. It is an OS command injection issue that occurs when a user name or host name contains shell metacharacters and is referenced by an expansion token in certain contexts, such as ProxyCommand or LocalCommand directives.
Impact: An attacker who can supply malicious user or host names may execute arbitrary commands, potentially leading to information disclosure, file modification, or denial of service.
Severity: The CVSS score for this vulnerability is 6.5, indicating a medium severity level.
Trend Response: When you connect to the SMS using the CLI, the SMS is the server end of the SSH connection. The SMS does not provide any mechanism for the user to achieve shell login. The CLI login is essentially a chroot jail, which does not allow the user to change the ssh_config file on the SMS server. The user is allowed to use the SSH command from the CLI, but they cannot modify the ssh_config file on the disk.
CVE-2023-51467
Description: This vulnerability involves an authentication bypass in Apache OFBiz, a Java-based web framework. It allows attackers to circumvent authentication processes.
Impact: It allows a remote attacker to exploit the flaw, potentially enabling them to execute arbitrary code.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS isn't impacted as it does not utilize Apache OFBiz in the product.
CVE-2024-0727
Description: This vulnerability involves a NULL pointer dereference in OpenSSL when processing a maliciously formatted PKCS12 file. The issue arises because OpenSSL does not correctly check for certain fields being NULL in the PKCS12 specification.
Impact: It allows a remote attacker to exploit the flaw by providing a specially crafted PKCS12 file, potentially leading to a Denial of Service (DoS) attack as the application using OpenSSL may crash.
Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Trend Response: We are not affected by this OpenSSL vulnerability because we only use OpenSSL's SSL/TLS functions. We don't use those vulnerable OpenSSL functions in our product.
CVE-2024-0762
Description: This vulnerability involves a potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. It affects various versions of Phoenix SecureCore™ for Intel Kaby Lake, Coffee Lake, Ice Lake, Comet Lake, Tiger Lake, Jasper Lake, Alder Lake, Raptor Lake, and Meteor Lake.
Impact: It allows a local attacker to exploit the flaw, potentially leading to arbitrary code execution due to the buffer overflow.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: We are not affected by this vulnerability as none of these processors are utilized in our product.
CVE-2024-1086
Description: This vulnerability involves a use-after-free issue in the Linux kernel's netfilter: nf_tables component. It occurs when the nft_verdict_init() function allows positive values as drop errors within the hook verdict, leading to a double free vulnerability when NF_DROP is issued with a drop error resembling NF_ACCEPT.
Impact: It allows a local attacker to exploit the flaw, potentially achieving local privilege escalation.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: We are not affected by this vulnerability.
CVE-2024-2876
Description: This vulnerability affects the Email Subscribers by Icegram Express plugin for WordPress (versions up to 5.7.14). It is a SQL injection issue in the run function of the IG_ES_Subscribers_Query class, caused by insufficient escaping of user-supplied parameters and lack of proper query preparation, allowing attackers to inject additional SQL statements.
Impact: An unauthenticated attacker can exploit this flaw to extract sensitive information from the WordPress database, including usernames, email addresses, password hashes, and subscriber lists, potentially leading to account compromise and data breaches.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS doesn’t use WordPress, so it is not affected by the reported vulnerability.
CVE-2024-3094
Description: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The liblzma build process extracts a prebuilt object file from a disguised test file in the source code, modifying specific functions in the liblzma library.
Impact: This results in a modified liblzma library that can intercept and alter data interactions with any software linked against it.
Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.
Trend Response: We are not affected by this vulnerability as no affected version of the xz libraries is utilized in our product.
CVE-2024-4603
Description: This vulnerability involves checking excessively long DSA keys or parameters, which can be very slow. Applications using the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to verify DSA public keys or parameters may experience significant delays.
Impact: If the keys or parameters being checked come from an untrusted source, this can lead to a Denial of Service (DoS) attack. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.
Trend Response: We are not affected by this vulnerability as we don't use OpenSSL for TLS communications.
CVE-2024-4741
Description: This vulnerability involves the OpenSSL API function SSL_free_buffers, which may cause memory to be accessed that was previously freed in certain situations.
Impact: This can lead to a range of issues, including data corruption, crashes, or the execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: The SMS is not affected by this as we don't use the vulnerable function in our product.
CVE-2024-5310
Description: This vulnerability affects JFinalCMS up to version 20221020. It involves the manipulation of the "Title" argument in the /admin/content file, leading to cross-site scripting (XSS).
Impact: The vulnerability can be exploited remotely, allowing attackers to inject malicious scripts into web pages viewed by other users.
Severity: The CVSS score for this vulnerability is 5.1, indicating a medium severity level.
Trend Response: The SMS is not affected by this as we don't use JFinalCMS in our product.
CVE-2024-6387
Description: This vulnerability is a security regression related to CVE-2006-5051, discovered in OpenSSH's server (sshd). It involves a race condition that can lead sshd to handle some signals in an unsafe manner.
Impact: An unauthenticated, remote attacker may exploit this race condition by failing to authenticate within a set time period, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.
Trend Response: Please see the following Product Bulletin regarding this issue: https://tmc.tippingpoint.com/TMC/ShowDocuments?parentFolderId=announcements&contentId=PB__1100___Product_Advisory_for_CVE_2024_6387__regreSSHion_.pdf
CVE-2024-13176
Description: This vulnerability involves a timing side-channel in ECDSA signature computations, which could potentially allow an attacker to recover the private key.
Impact: To exploit this vulnerability, an attacker would need either local access to the signing application or a very fast network connection with low latency. The timing signal is around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero, affecting certain elliptic curves like the NIST P-521.
Severity: The CVSS score for this vulnerability is 4.1, indicating a low severity level.
Trend Response: While the SMS is technically vulnerable, the attack requires physical access to the device and additionally requires service mode shell.
CVE-2024-26925
Description: This vulnerability affects the Linux kernel's netfilter framework, specifically the nf_tables component. It involves the improper release of a mutex during the critical section between nft_gc_seq_begin() and nft_gc_seq_end().
Impact: If the mutex is released prematurely, the asynchronous garbage collection (GC) worker could collect expired objects and acquire the released commit lock within the same GC sequence. This could lead to race conditions and potential system instability.
Severity: The CVSS score for this vulnerability is 7.0, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2024-27322
Description: This vulnerability affects the R statistical programming language, from version 1.4.0 up to and not including 4.4.0. It involves the deserialization of untrusted data, which can occur when interacting with a maliciously crafted RDS (R Data Serialization) formatted file or R package.
Impact: Exploiting this vulnerability allows an attacker to execute arbitrary code on the end user's system. This can lead to significant security risks, including unauthorized access and control over the affected system.
Severity: The CVSS score for this vulnerability is 8.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the R programming language.
CVE-2024-39894
Description: This vulnerability affects OpenSSH versions 9.5 through 9.7 before 9.8. It involves a timing attack against echo-off password entry (e.g., for su and sudo) due to an ObscureKeystrokeTiming logic error.
Impact: The timing attack can potentially allow an attacker to infer keystroke timings and compromise password security. Other timing attacks against keystroke entry could also occur.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.4.0 version of the SMS TOS.
CVE-2024-43856
Description: This vulnerability affects the Linux kernel, specifically the dmam_free_coherent function. It involves a concurrency issue where the function frees a DMA allocation and then calls devres_destroy() to remove the associated data structure.
Impact: If a concurrent task makes an allocation with the same virtual address (vaddr) and adds it to the devres list, devres_destroy() can free the wrong entry, leading to inappropriate resource management. This can cause system instability and potential crashes.
Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Trend Response: The SMS was only vulnerable to this if an attacker gains access to the local shell. Nevertheless, this vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47175
Description: This vulnerability affects the Common UNIX Printing System (CUPS), specifically the libppd function ppdCreatePPDFromIPP2. It does not sanitize IPP attributes when creating the PPD buffer.
Impact: When combined with other functions like cfGetPrinterAttributes5, this can lead to user-controlled input and potentially remote code execution via Foomatic.
Severity: The CVSS score for this vulnerability is 8.6, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47176
Description: This vulnerability affects the Common UNIX Printing System (CUPS), specifically the cups-browsed service. It binds to INADDR_ANY:631, causing it to trust any packet from any source.
Impact: When combined with other vulnerabilities, such as CVE-2024-47076 and CVE-2024-47175, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Severity: The CVSS score for this vulnerability is 8.4, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47177
Description: This vulnerability affects the Common UNIX Printing System (CUPS) and its associated cups-filters. Any value passed to the FoomaticRIPCommandLine via a PPD file will be executed as a user-controlled command.
Impact: When combined with other logic bugs, such as those described in CVE-2024-47176, this can lead to remote command execution. This means an attacker could potentially execute arbitrary commands on the affected system.
Severity: The CVSS score for this vulnerability is 9.0, indicating a critical severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-50379
Description: This vulnerability affects Apache Tomcat versions 9.0.0.M1 through 9.0.97, 10.1.0-M1 through 10.1.33, and 11.0.0-M1 through 11.0.1. It involves a Time-of-check Time-of-use (TOCTOU) race condition during JSP compilation.
Impact: This race condition can permit remote code execution (RCE) on case-insensitive file systems when the default servlet is enabled for write (non-default configuration).
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Apache Tomcat.
CVE-2025-1094
Description: This vulnerability affects PostgreSQL versions before 17.3, 16.7, 15.11, 14.16, and 13.19. It involves improper neutralization of quoting syntax in PostgreSQL libpq functions (PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn()), which allows a database input provider to achieve SQL injection in certain usage patterns.
Impact: SQL injection can occur if the application uses the function result to construct input to psql, the PostgreSQL interactive terminal. Additionally, improper neutralization of quoting syntax in PostgreSQL command line utility programs can lead to SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL.
Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize PostgreSQL.
CVE-2025-0167
Description: This vulnerability affects curl versions 7.76.0 through 8.11.1. It is a credential leakage issue that occurs when curl is configured to use a .netrc file for credentials and follows HTTP redirects. Under specific conditions—when the .netrc file contains a default entry that omits both login and password—curl may inadvertently send the password intended for the first host to a redirected host.
Impact: An attacker controlling a redirect target could receive sensitive credentials, potentially exposing authentication information to unauthorized parties. Exploitation requires a rare configuration scenario, making the likelihood low, but the impact involves credential disclosure.
Severity: The CVSS score for this vulnerability is 3.4, indicating a low severity level.
Trend Response: The SMS does not use curl for any of its functions when running. It is present on disk to be used during service access only, and it cannot be used from the CLI. Also, the .netrc file required to exploit this CVE does not exist on the SMS, so the SMS is not vulnerable to this CVE.
CVE-2025-9230
Description: This vulnerability affects OpenSSL versions 1.0.2, 1.1.1, and 3.0 through 3.5. It involves an out-of-bounds read and write in the kek_unwrap_key() function during CMS decryption using password-based encryption (PWRI). The flaw is due to improper key length validation, which can lead to memory corruption.
Impact: An attacker could exploit this flaw to crash the application or potentially execute arbitrary code, depending on the memory layout. The vulnerability is only triggered when processing attacker-controlled CMS messages using PWRI, which is rarely used in practice.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize password-based encryption.
CVE-2025-9231
Description: This vulnerability affects OpenSSL versions 3.2 through 3.5 on ARM64 platforms. It involves a timing side-channel in the SM2 signature algorithm due to non-constant-time modular inversion, which can leak timing information during cryptographic operations.
Impact: A remote attacker could potentially recover private keys by analyzing timing variations in signature generation, especially in environments where many signatures are generated rapidly.
Severity: The CVSS score for this vulnerability is 6.5, indicating a medium severity level.
Trend Response: This vulnerability requires certificates with SM2 keys to be used. The SMS does not use OpenSSL in this manner so it is not vulnerable.
CVE-2025-9232
Description: This vulnerability affects OpenSSL versions 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0, and 3.5.0. It involves an out-of-bounds read in the HTTP client API when the no_proxy environment variable is set and the target URL contains an IPv6 address. The issue arises from a missing null terminator in a copied string.
Impact: An attacker could craft a malicious URL that causes a crash in applications using the OpenSSL HTTP client, resulting in denial of service. Exploitation requires control over the URL and specific proxy configurations.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: This vulnerability applies to HTTP clients using OpenSSL. The SMS does not use OpenSSL for HTTP, so it is not vulnerable.
CVE-2025-21756
Description: This vulnerability affects the Linux kernel’s vsock (Virtual Socket) implementation in versions prior to 6.6.79, 6.12.16, 6.13.4, and 6.14-rc1. It is a use-after-free issue caused by improper handling of socket bindings during transport reassignment and destruction, which can lead to memory corruption when creating, binding, or releasing sockets.
Impact: A local attacker with the ability to create and manipulate vsock sockets can exploit this flaw to escalate privileges to root, execute arbitrary code in kernel context, or cause a denial of service by crashing the system. Public proof-of-concept exploits exist, increasing the urgency to patch.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The attack vector of the vulnerability is Local. Therefore, to exploit this, the attacker needs root access, which is only available through service mode.
CVE-2025-24813
Description: This vulnerability affects Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0-M1 through 10.1.34, and 11.0.0-M1 through 11.0.2. It involves a path equivalence issue, 'file.Name' (Internal Dot), which can lead to remote code execution, information disclosure, or the addition of malicious content to uploaded files.
Impact: If certain conditions are met, such as enabling writes for the default servlet and support for partial PUT requests, a malicious user can exploit this vulnerability to view sensitive files, inject content, or execute arbitrary code.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Apache Tomcat.
CVE-2025-26465
Description: This vulnerability involves an issue in OpenSSH when the VerifyHostKeyDNS option is enabled. It allows a machine-in-the-middle attack by a malicious machine impersonating a legitimate server.
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the SSH connection. The attack complexity is high as the attacker needs to exhaust the client's memory resources first.
Severity: The CVSS score for this vulnerability is 6.8, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.5.0.
CVE-2025-26466
Description: This vulnerability affects OpenSSH. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. These packets are only freed when the server/client key exchange has finished.
Impact: A malicious client can keep sending such packets, leading to uncontrolled memory consumption on the server side. This can result in a denial of service (DoS) attack, making the server unavailable.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.5.0.
CVE-2025-29774
Description: This vulnerability affects the xml-crypto library for Node.js. Versions prior to 6.0.1, 3.2.1, and 2.1.6 are susceptible to an authentication bypass. An attacker can modify a valid signed XML message in a way that still passes signature verification checks.
Impact: This could allow an attacker to alter critical identity or access control attributes, potentially escalating privileges or impersonating another user.
Severity: The CVSS score for this vulnerability is 9.3, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Node.js.
CVE-2025-32728
Description: This vulnerability affects OpenSSH versions before 10.0. The DisableForwarding directive in the sshd_config file does not function as documented, allowing X11 and agent forwarding even when it is set to "yes".
Impact: This can lead to unauthorized information disclosure and potential unauthorized access. An attacker can exploit this by enabling agent forwarding and X11 display forwarding despite the directive's intended restrictions.
Severity: The CVSS score for this vulnerability is 4.3, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as it does not utilize X11 or key-based SSH logins.
CVE-2025-40778
Description: This vulnerability affects BIND 9 DNS resolver implementations in versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, and 9.21.0 through 9.21.12 (including corresponding Supported Preview Editions). It is a cache poisoning issue caused by overly permissive acceptance of unsolicited resource records in DNS responses, allowing attackers to inject forged data into the resolver cache.
Impact: A remote attacker can exploit this flaw to poison the DNS cache of affected resolvers, redirecting users to malicious domains or attacker-controlled servers. This compromises the integrity of DNS responses and can lead to large-scale traffic redirection, though it does not directly enable code execution or privilege escalation.
Severity: The CVSS score for this vulnerability is 8.6, indicating a high severity level.
Trend Response: SMS does not have named (the BIND recursive resolver) installed. Therefore, it is not vulnerable.
CVE-2025-50059
Description: This vulnerability affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (networking component) in versions 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1, and 21.3.14. It is caused by improper handling of HTTP client headers in the networking component, allowing unauthenticated attackers with network access to compromise affected systems.
Impact: Successful exploitation can result in unauthorized access to critical data or complete access to all data accessible by the affected products. This vulnerability primarily impacts confidentiality and applies to Java deployments running untrusted code in sandboxed environments, such as Java Web Start applications or applets.
Severity: The CVSS score for this vulnerability is 8.6, indicating a high severity level.
Trend Response: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). The SMS is not vulnerable.
CVE-2025-61984
Description: This vulnerability affects OpenSSH versions prior to 10.1 and involves improper sanitization of control characters in usernames when expanding the ProxyCommand string.
Impact: It allows a local attacker with knowledge of the SSH configuration and hostname match conditions to exploit the flaw, potentially executing arbitrary commands. This is particularly concerning in environments using SSH proxies or dynamic configuration scripts, where the ProxyCommand is constructed from user input.
Severity: The CVSS score for this vulnerability is 3.6, indicating a low severity level.
Trend Response: SMS is not vulnerable because we do not use ProxyCommand for SSH.
