CVE-2023-52096

{"id": "CVE-2023-52096", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T23:15:07.947", "references": [{"url": "https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/steve-community/ocpp-jaxb/issues/13", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/steve-community/steve/issues/1292", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/steve-community/ocpp-jaxb/issues/13", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/steve-community/steve/issues/1292", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records."}, {"lang": "es", "value": "SteVe Community ocpp-jaxb anterior a 0.0.8 genera marcas de tiempo no v\u00e1lidas, como las del mes 00 en determinadas situaciones (como cuando una aplicaci\u00f3n recibe un Open Charge Point Protocol de StartTransaction con un par\u00e1metro de marca de tiempo de 1000000). Esto puede provocar una excepci\u00f3n de SQL en las aplicaciones y puede socavar la integridad de los registros de transacciones."}], "lastModified": "2024-11-21T08:39:09.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00CEA40C-5001-4C81-A9C8-45DA784BBEEA", "versionEndExcluding": "0.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}