diff --git a/2018/15xxx/CVE-2018-15800.json b/2018/15xxx/CVE-2018-15800.json index 2bbeb44f619..19de440c497 100644 --- a/2018/15xxx/CVE-2018-15800.json +++ b/2018/15xxx/CVE-2018-15800.json @@ -1,84 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-12-06T00:00:00.000Z", - "ID": "CVE-2018-15800", - "STATE": "PUBLIC", - "TITLE": "Timing attack allows extraction of signing key in Bits Service" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-12-06T00:00:00.000Z", + "ID" : "CVE-2018-15800", + "STATE" : "PUBLIC", + "TITLE" : "Timing attack allows extraction of signing key in Bits Service" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Bits Service Release", - "version": { - "version_data": [ + "product_name" : "Bits Service Release", + "version" : { + "version_data" : [ { - "affected": "<", - "version_name": "all versions", - "version_value": "2.18.0" + "affected" : "<", + "version_name" : "all versions", + "version_value" : "2.18.0" } ] } } ] }, - "vendor_name": "Cloud Foundry" + "vendor_name" : "Cloud Foundry" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage." + "lang" : "eng", + "value" : "Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 8.1, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "LOW", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Brute Force" + "lang" : "eng", + "value" : "Brute Force" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://www.cloudfoundry.org/blog/cve-2018-15800" + "name" : "https://www.cloudfoundry.org/blog/cve-2018-15800", + "refsource" : "CONFIRM", + "url" : "https://www.cloudfoundry.org/blog/cve-2018-15800" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/1xxx/CVE-2018-1279.json b/2018/1xxx/CVE-2018-1279.json index ea7ed2a39d6..5268fa2c594 100644 --- a/2018/1xxx/CVE-2018-1279.json +++ b/2018/1xxx/CVE-2018-1279.json @@ -1,84 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-12-05T00:00:00.000Z", - "ID": "CVE-2018-1279", - "STATE": "PUBLIC", - "TITLE": "RabbitMQ cluster compromise due to deterministically generated cookie" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-12-05T00:00:00.000Z", + "ID" : "CVE-2018-1279", + "STATE" : "PUBLIC", + "TITLE" : "RabbitMQ cluster compromise due to deterministically generated cookie" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "RabbitMq for PCF", - "version": { - "version_data": [ + "product_name" : "RabbitMq for PCF", + "version" : { + "version_data" : [ { - "affected": ">", - "version_name": "all versions", - "version_value": "1" + "affected" : ">", + "version_name" : "all versions", + "version_value" : "1" } ] } } ] }, - "vendor_name": "Pivotal" + "vendor_name" : "Pivotal" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster." + "lang" : "eng", + "value" : "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 8.5, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "LOW", + "scope" : "CHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Use of Insufficiently Random Values" + "lang" : "eng", + "value" : "Use of Insufficiently Random Values" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://pivotal.io/security/cve-2018-1279" + "name" : "https://pivotal.io/security/cve-2018-1279", + "refsource" : "CONFIRM", + "url" : "https://pivotal.io/security/cve-2018-1279" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +}