cvelist/2020/14xxx/CVE-2020-14490.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2020-07-02T00:00:00.000Z",
        "ID": "CVE-2020-14490",
        "STATE": "PUBLIC",
        "TITLE": "OpenClinic GA"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "OpenClinic GA",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.09.02"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.89.05b"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "open source"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Brian D. Hysell reported these vulnerabilities to CISA."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",
                "name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"
            }
        ]
    },
    "source": {
        "advisory": "ICSMA-20-184-01 OpenClinic GA",
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."
        }
    ]
}
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2020-07-29 13:01:36 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC": "2020-07-02T00:00:00.000Z",`
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`"ID": "CVE-2020-14490",`
"-Synchronized-Data." 2020-07-29 13:01:36 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "OpenClinic GA"`
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`},`
"-Synchronized-Data." 2020-07-29 13:01:36 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "OpenClinic GA",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "5.09.02"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "5.89.05b"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "open source"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Brian D. Hysell reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-07-29 13:01:36 +00:00			`"value": "OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files."`
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`}`
			`]`
"-Synchronized-Data." 2020-07-29 13:01:36 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"url": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01",`
			`"name": "https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ICSMA-20-184-01 OpenClinic GA",`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes."`
			`}`
			`]`
"-Synchronized-Data." 2020-06-19 17:02:01 +00:00			`}`