{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3113", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "state": "PUBLISHED", "assignerShortName": "Perforce", "dateReserved": "2025-04-02T10:24:35.710Z", "datePublished": "2025-04-17T06:41:47.667Z", "dateUpdated": "2025-04-17T19:00:48.208Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Continuous Compliance, Containerized Masking", "product": "Delphix", "vendor": "Perforce", "versions": [{"lessThan": "2025.2.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-04-17T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.</span><br>"}], "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-04-17T06:50:51.255Z"}, "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Access Control in Delphix Masking Engine", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T18:41:49.910846Z", "id": "CVE-2025-3113", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:00:48.208Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T18:41:49.910846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:52:53.347Z"}}], "cna": {"title": "Improper Access Control in Delphix Masking Engine", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Perforce", "product": "Delphix", "versions": [{"status": "affected", "version": "0", "lessThan": "2025.2.0.1", "versionType": "custom"}], "packageName": "Continuous Compliance, Containerized Masking", "defaultStatus": "unaffected"}], "datePublic": "2025-04-17T04:00:00.000Z", "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-04-17T06:50:51.255Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3113", "state": "PUBLISHED", "dateUpdated": "2025-04-17T19:00:48.208Z", "dateReserved": "2025-04-02T10:24:35.710Z", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "datePublished": "2025-04-17T06:41:47.667Z", "assignerShortName": "Perforce"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets."}, {"lang": "es", "value": "Un usuario v\u00e1lido y autenticado con suficientes privilegios y que conozca la configuraci\u00f3n de la base de datos interna de Continuous Compliance puede aprovechar la funcionalidad de conector integrada de la aplicaci\u00f3n para acceder a dicha base de datos. Esto le permite explorar el esquema de la base de datos interna y exportar sus datos, incluyendo las propiedades de los conectores y los conjuntos de reglas."}], "id": "CVE-2025-3113", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@puppet.com", "type": "Secondary"}]}, "published": "2025-04-17T07:15:43.790", "references": [{"source": "security@puppet.com", "url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@puppet.com", "type": "Secondary"}]}

{}

{}