24h | 7d | 30d

CVE-2025-3113

Overview

  • Perforce
  • Delphix
  • Continuous Compliance, Containerized Masking
17 Apr 2025
Published
17 Apr 2025
Updated
CVSS v4.0
CRITICAL (9.0)
EPSS
0.04%
KEV

Description

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.

Statistics

  • 1 Post

Fediverse

Profile picture
cR0w :cascadia: @cR0w

Perforce with a couple CVEs today.

portal.perforce.com/s/detail/a

sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.

nvd.nist.gov/vuln/detail/CVE-2

portal.perforce.com/s/detail/a

sev:HIGH 8.5 - CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 21 hours ago
Showing 21 to 21 of 21 CVEs