cvelist/2018/15xxx/CVE-2018-15612.json

{
    "CVE_data_meta": {
        "ASSIGNER": "securityalerts@avaya.com",
        "ID": "CVE-2018-15612",
        "STATE": "PUBLIC",
        "TITLE": "Orchestration Designer Runtime Config CSRF"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Orchestration Designer",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions up to 7.2.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Avaya"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://downloads.avaya.com/css/P8/documents/101052293",
                "refsource": "CONFIRM",
                "url": "https://downloads.avaya.com/css/P8/documents/101052293"
            }
        ]
    },
    "source": {
        "advisory": "ASA-2018-278"
    }
}
- Synchronized data. 2018-08-21 11:06:54 -04:00			`{`
"-Synchronized-Data." 2019-03-18 02:03:56 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "securityalerts@avaya.com",`
			`"ID": "CVE-2018-15612",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Orchestration Designer Runtime Config CSRF"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Orchestration Designer",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions up to 7.2.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Avaya"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
Initial public release of CVE-2018-15612 and CVE-2018-15613 for ASA-2018-278 2018-09-21 09:51:46 -06:00			`{`
"-Synchronized-Data." 2019-03-18 02:03:56 +00:00			`"lang": "eng",`
			`"value": "A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1."`
Initial public release of CVE-2018-15612 and CVE-2018-15613 for ASA-2018-278 2018-09-21 09:51:46 -06:00			`}`
"-Synchronized-Data." 2019-03-18 02:03:56 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.3,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-352: Cross-Site Request Forgery (CSRF)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://downloads.avaya.com/css/P8/documents/101052293",`
			`"refsource": "CONFIRM",`
			`"url": "https://downloads.avaya.com/css/P8/documents/101052293"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ASA-2018-278"`
			`}`
			`}`