admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-23 17:01:02 +00:00
parent d84cfb6870
commit 0296d7e56b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 672 additions and 657 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
2020/4xxx/CVE-2020-4690.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6491125 (Security Guardium)",
"name" : "https://www.ibm.com/support/pages/node/6491125",
"url" : "https://www.ibm.com/support/pages/node/6491125",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186697",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-guardium-cve20204690-info-disc (186697)"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
}
]
},
"product_name" : "Security Guardium"
}
]
}
"title": "IBM Security Bulletin 6491125 (Security Guardium)",
"name": "https://www.ibm.com/support/pages/node/6491125",
"url": "https://www.ibm.com/support/pages/node/6491125",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186697",
"title": "X-Force Vulnerability Report",
"name": "ibm-guardium-cve20204690-info-disc (186697)"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"A" : "N",
"C" : "H",
"PR" : "N",
"AC" : "L",
"S" : "U",
"UI" : "N",
"SCORE" : "7.500",
"I" : "N"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4690",
"DATE_PUBLIC" : "2021-09-21T00:00:00"
}
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.3"
}
]
},
"product_name": "Security Guardium"
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"AV": "N",
"A": "N",
"C": "H",
"PR": "N",
"AC": "L",
"S": "U",
"UI": "N",
"SCORE": "7.500",
"I": "N"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4690",
"DATE_PUBLIC": "2021-09-21T00:00:00"
}
}

172
2020/4xxx/CVE-2020-4803.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "N",
"S" : "U",
"I" : "N",
"SCORE" : "4.000",
"PR" : "N",
"AC" : "L",
"C" : "L",
"A" : "N",
"AV" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Edge",
"version" : {
"version_data" : [
{
"version_value" : "4.2"
}
]
}
}
]
}
"lang": "eng",
"value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535."
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-09-22T00:00:00",
"ID" : "CVE-2020-4803"
},
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"UI": "N",
"S": "U",
"I": "N",
"SCORE": "4.000",
"PR": "N",
"AC": "L",
"C": "L",
"A": "N",
"AV": "L"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "4.2"
}
]
}
}
]
}
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6491625 (Edge)",
"name" : "https://www.ibm.com/support/pages/node/6491625",
"url" : "https://www.ibm.com/support/pages/node/6491625"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189535",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-edge-cve20204803-info-disc (189535)",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-09-22T00:00:00",
"ID": "CVE-2020-4803"
},
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6491625 (Edge)",
"name": "https://www.ibm.com/support/pages/node/6491625",
"url": "https://www.ibm.com/support/pages/node/6491625"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189535",
"title": "X-Force Vulnerability Report",
"name": "ibm-edge-cve20204803-info-disc (189535)",
"refsource": "XF"
}
]
},
"data_format": "MITRE"
}

174
2020/4xxx/CVE-2020-4805.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6491633",
"title" : "IBM Security Bulletin 6491633 (Edge)",
"url" : "https://www.ibm.com/support/pages/node/6491633",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-edge-cve20204805-info-disc (189539)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189539",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "N",
"C" : "L",
"AV" : "L",
"AC" : "L",
"PR" : "N",
"I" : "N",
"SCORE" : "4.000",
"UI" : "N",
"S" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "4.2"
}
]
},
"product_name" : "Edge"
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-4805",
"DATE_PUBLIC" : "2021-09-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6491633",
"title": "IBM Security Bulletin 6491633 (Edge)",
"url": "https://www.ibm.com/support/pages/node/6491633",
"refsource": "CONFIRM"
},
{
"name": "ibm-edge-cve20204805-info-disc (189539)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189539",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"A": "N",
"C": "L",
"AV": "L",
"AC": "L",
"PR": "N",
"I": "N",
"SCORE": "4.000",
"UI": "N",
"S": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.2"
}
]
},
"product_name": "Edge"
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2020-4805",
"DATE_PUBLIC": "2021-09-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
}
}

174
2020/4xxx/CVE-2020-4809.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6491631",
"title" : "IBM Security Bulletin 6491631 (Edge)",
"name" : "https://www.ibm.com/support/pages/node/6491631"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633",
"name" : "ibm-edge-cve20204809-info-disc (189633)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-09-22T00:00:00",
"ID" : "CVE-2020-4809"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Edge",
"version" : {
"version_data" : [
{
"version_value" : "4.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"SCORE" : "4.000",
"I" : "N",
"A" : "N",
"C" : "L",
"AV" : "L",
"PR" : "N",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
}
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6491631",
"title": "IBM Security Bulletin 6491631 (Edge)",
"name": "https://www.ibm.com/support/pages/node/6491631"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633",
"name": "ibm-edge-cve20204809-info-disc (189633)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-09-22T00:00:00",
"ID": "CVE-2020-4809"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"SCORE": "4.000",
"I": "N",
"A": "N",
"C": "L",
"AV": "L",
"PR": "N",
"AC": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
}
}

176
2021/20xxx/CVE-2021-20377.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-09-21T00:00:00",
"ID" : "CVE-2021-20377",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.3"
}
]
},
"product_name" : "Security Guardium"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"A" : "N",
"C" : "L",
"AC" : "L",
"PR" : "H",
"SCORE" : "2.700",
"I" : "N",
"S" : "U",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"DATE_PUBLIC": "2021-09-21T00:00:00",
"ID": "CVE-2021-20377",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.3"
}
]
},
"product_name": "Security Guardium"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6491125 (Security Guardium)",
"name" : "https://www.ibm.com/support/pages/node/6491125",
"url" : "https://www.ibm.com/support/pages/node/6491125",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195569",
"name" : "ibm-guardium-cve202120377-info-disc (195569)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "N",
"A": "N",
"C": "L",
"AC": "L",
"PR": "H",
"SCORE": "2.700",
"I": "N",
"S": "U",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6491125 (Security Guardium)",
"name": "https://www.ibm.com/support/pages/node/6491125",
"url": "https://www.ibm.com/support/pages/node/6491125",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195569",
"name": "ibm-guardium-cve202120377-info-disc (195569)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE"
}

139
2021/24xxx/CVE-2021-24169.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24169",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Order Export For WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.8",
"version_value": "3.1.8"
"CVE_data_meta": {
"ID": "CVE-2021-24169",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Order Export For WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.8",
"version_value": "3.1.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3",
"name": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3",
"name": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

139
2021/24xxx/CVE-2021-24272.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24272",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "fitness calculators",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.6",
"version_value": "1.9.6"
"CVE_data_meta": {
"ID": "CVE-2021-24272",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "fitness calculators",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.9.6",
"version_value": "1.9.6"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
"name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f",
"name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "0xB9"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

176
2021/38xxx/CVE-2021-38863.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0.5.0"
}
]
},
"product_name" : "Security Verify Bridge"
}
]
}
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"S" : "C",
"SCORE" : "6.500",
"I" : "N",
"A" : "N",
"C" : "H",
"AV" : "L",
"PR" : "L",
"AC" : "L"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-09-22T00:00:00",
"ID" : "CVE-2021-38863",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6491653",
"title" : "IBM Security Bulletin 6491653 (Security Verify Bridge)",
"url" : "https://www.ibm.com/support/pages/node/6491653"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208154",
"name" : "ibm-sv-cve202138863-info-disc (208154)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0.5.0"
}
]
},
"product_name": "Security Verify Bridge"
}
]
}
}
]
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"UI": "N",
"S": "C",
"SCORE": "6.500",
"I": "N",
"A": "N",
"C": "H",
"AV": "L",
"PR": "L",
"AC": "L"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-09-22T00:00:00",
"ID": "CVE-2021-38863",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6491653",
"title": "IBM Security Bulletin 6491653 (Security Verify Bridge)",
"url": "https://www.ibm.com/support/pages/node/6491653"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208154",
"name": "ibm-sv-cve202138863-info-disc (208154)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}

5
2021/40xxx/CVE-2021-40875.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/SakuraSamuraii/derailed",
"url": "https://github.com/SakuraSamuraii/derailed"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164270/Gurock-Testrail-7.2.0.3014-Improper-Access-Control.html",
"url": "http://packetstormsecurity.com/files/164270/Gurock-Testrail-7.2.0.3014-Improper-Access-Control.html"
}
]
}