cvelist/2011/0xxx/CVE-2011-0467.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@suse.com",
        "DATE_PUBLIC": "2011-02-25T00:00:00.000Z",
        "ID": "CVE-2011-0467",
        "STATE": "PUBLIC",
        "TITLE": "SQL injection in SUSE studio via select parameter"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "SUSE Studio Onsite",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "1.0.3-0.18.1"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "SUSE Studio Onsite 1.1 Appliance",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "1.1.2-0.25.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "SUSE"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Matthias Weckbecker of SUSE"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",
                "refsource": "CONFIRM",
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"
            },
            {
                "name": "https://www.suse.com/security/cve/CVE-2011-0467/",
                "refsource": "CONFIRM",
                "url": "https://www.suse.com/security/cve/CVE-2011-0467/"
            }
        ]
    },
    "source": {
        "advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",
        "defect": [
            "675039"
        ],
        "discovery": "INTERNAL"
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 02:14:07 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@suse.com",`
			`"DATE_PUBLIC": "2011-02-25T00:00:00.000Z",`
			`"ID": "CVE-2011-0467",`
			`"STATE": "PUBLIC",`
			`"TITLE": "SQL injection in SUSE studio via select parameter"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "SUSE Studio Onsite",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_value": "1.0.3-0.18.1"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "SUSE Studio Onsite 1.1 Appliance",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_value": "1.1.2-0.25.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "SUSE"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Matthias Weckbecker of SUSE"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
Information for CVE-2011-0467 2018-06-07 16:03:58 +02:00			`{`
"-Synchronized-Data." 2019-03-18 02:14:07 +00:00			`"lang": "eng",`
			`"value": "A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1."`
Information for CVE-2011-0467 2018-06-07 16:03:58 +02:00			`}`
"-Synchronized-Data." 2019-03-18 02:14:07 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://bugzilla.suse.com/show_bug.cgi?id=675039",`
			`"refsource": "CONFIRM",`
			`"url": "https://bugzilla.suse.com/show_bug.cgi?id=675039"`
			`},`
			`{`
			`"name": "https://www.suse.com/security/cve/CVE-2011-0467/",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.suse.com/security/cve/CVE-2011-0467/"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "https://www.suse.com/security/cve/CVE-2011-0467/",`
			`"defect": [`
			`"675039"`
			`],`
			`"discovery": "INTERNAL"`
			`}`
			`}`