From 0296d7e56b99e50fba4176b9b603e1b8ce796485 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 23 Sep 2021 17:01:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/4xxx/CVE-2020-4690.json | 174 ++++++++++++++++----------------
2020/4xxx/CVE-2020-4803.json | 172 ++++++++++++++++----------------
2020/4xxx/CVE-2020-4805.json | 174 ++++++++++++++++----------------
2020/4xxx/CVE-2020-4809.json | 174 ++++++++++++++++----------------
2021/20xxx/CVE-2021-20377.json | 176 ++++++++++++++++-----------------
2021/24xxx/CVE-2021-24169.json | 139 +++++++++++++-------------
2021/24xxx/CVE-2021-24272.json | 139 +++++++++++++-------------
2021/38xxx/CVE-2021-38863.json | 176 ++++++++++++++++-----------------
2021/40xxx/CVE-2021-40875.json | 5 +
9 files changed, 672 insertions(+), 657 deletions(-)
diff --git a/2020/4xxx/CVE-2020-4690.json b/2020/4xxx/CVE-2020-4690.json
index dd4697986a8..7b85f08c847 100644
--- a/2020/4xxx/CVE-2020-4690.json
+++ b/2020/4xxx/CVE-2020-4690.json
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6491125 (Security Guardium)", - "name" : "https://www.ibm.com/support/pages/node/6491125", - "url" : "https://www.ibm.com/support/pages/node/6491125", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186697", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-guardium-cve20204690-info-disc (186697)" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "data_type": "CVE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - } - ] - }, - "product_name" : "Security Guardium" - } - ] - } + "title": "IBM Security Bulletin 6491125 (Security Guardium)", + "name": "https://www.ibm.com/support/pages/node/6491125", + "url": "https://www.ibm.com/support/pages/node/6491125", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186697", + "title": "X-Force Vulnerability Report", + "name": "ibm-guardium-cve20204690-info-disc (186697)" } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AV" : "N", - "A" : "N", - "C" : "H", - "PR" : "N", - "AC" : "L", - "S" : "U", - "UI" : "N", - "SCORE" : "7.500", - "I" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of 
internal data. IBM X-Force ID: 186697.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4690", - "DATE_PUBLIC" : "2021-09-21T00:00:00" - } -} + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.3" + } + ] + }, + "product_name": "Security Guardium" + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "AV": "N", + "A": "N", + "C": "H", + "PR": "N", + "AC": "L", + "S": "U", + "UI": "N", + "SCORE": "7.500", + "I": "N" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4690", + "DATE_PUBLIC": "2021-09-21T00:00:00" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4803.json b/2020/4xxx/CVE-2020-4803.json index 7a521c84322..ac40eb72666 100644 --- a/2020/4xxx/CVE-2020-4803.json +++ b/2020/4xxx/CVE-2020-4803.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "S" : "U", - "I" : "N", - "SCORE" : "4.000", - "PR" : "N", - "AC" : "L", - "C" : "L", - "A" : "N", - "AV" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Edge", - "version" : { - "version_data" : [ - { - "version_value" : "4.2" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535." } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-09-22T00:00:00", - "ID" : "CVE-2020-4803" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "S": "U", + "I": "N", + "SCORE": "4.000", + "PR": "N", + "AC": "L", + "C": "L", + "A": "N", + "AV": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Edge", + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + } + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6491625 (Edge)", - "name" : "https://www.ibm.com/support/pages/node/6491625", - "url" : "https://www.ibm.com/support/pages/node/6491625" - }, - { - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/189535", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-edge-cve20204803-info-disc (189535)", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-09-22T00:00:00", + "ID": "CVE-2020-4803" + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6491625 (Edge)", + "name": "https://www.ibm.com/support/pages/node/6491625", + "url": "https://www.ibm.com/support/pages/node/6491625" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189535", + "title": "X-Force Vulnerability Report", + "name": "ibm-edge-cve20204803-info-disc (189535)", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4805.json b/2020/4xxx/CVE-2020-4805.json index 1233ec693c8..d131f6eb60f 100644 --- a/2020/4xxx/CVE-2020-4805.json +++ b/2020/4xxx/CVE-2020-4805.json 
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6491633", - "title" : "IBM Security Bulletin 6491633 (Edge)", - "url" : "https://www.ibm.com/support/pages/node/6491633", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-edge-cve20204805-info-disc (189539)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189539", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "C" : "L", - "AV" : "L", - "AC" : "L", - "PR" : "N", - "I" : "N", - "SCORE" : "4.000", - "UI" : "N", - "S" : "U" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.2" - } - ] - }, - "product_name" : "Edge" - } - ] - } + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4805", - "DATE_PUBLIC" : "2021-09-22T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - } -} + ] + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6491633", + "title": "IBM Security Bulletin 6491633 (Edge)", + "url": "https://www.ibm.com/support/pages/node/6491633", + "refsource": 
"CONFIRM" + }, + { + "name": "ibm-edge-cve20204805-info-disc (189539)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189539", + "refsource": "XF" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539." + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "A": "N", + "C": "L", + "AV": "L", + "AC": "L", + "PR": "N", + "I": "N", + "SCORE": "4.000", + "UI": "N", + "S": "U" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + }, + "product_name": "Edge" + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-4805", + "DATE_PUBLIC": "2021-09-22T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4809.json b/2020/4xxx/CVE-2020-4809.json index 5423dbfc61e..94bf980b574 100644 --- a/2020/4xxx/CVE-2020-4809.json +++ b/2020/4xxx/CVE-2020-4809.json 
@@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6491631", - "title" : "IBM Security Bulletin 6491631 (Edge)", - "name" : "https://www.ibm.com/support/pages/node/6491631" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633", - "name" : "ibm-edge-cve20204809-info-disc (189633)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-09-22T00:00:00", - "ID" : "CVE-2020-4809" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Edge", - "version" : { - "version_data" : [ - { - "version_value" : "4.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "S" : "U", - "SCORE" : "4.000", - "I" : "N", - "A" : "N", - "C" : "L", - "AV" : "L", - "PR" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - } -} + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6491631", + "title": "IBM Security Bulletin 6491631 (Edge)", + "name": "https://www.ibm.com/support/pages/node/6491631" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189633", + "name": "ibm-edge-cve20204809-info-disc (189633)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-09-22T00:00:00", + "ID": "CVE-2020-4809" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Edge", + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "S": "U", + "SCORE": "4.000", + "I": "N", + "A": "N", + "C": "L", + "AV": "L", + "PR": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20377.json b/2021/20xxx/CVE-2021-20377.json index 48188842c9c..2497d79ac6a 100644 --- a/2021/20xxx/CVE-2021-20377.json +++ b/2021/20xxx/CVE-2021-20377.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-09-21T00:00:00", - "ID" : "CVE-2021-20377", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - } - ] - }, - "product_name" : "Security Guardium" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "A" : "N", - "C" : "L", - "AC" : "L", - "PR" : "H", - "SCORE" : "2.700", - "I" : "N", - "S" : "U", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "DATE_PUBLIC": "2021-09-21T00:00:00", + "ID": "CVE-2021-20377", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.3" + } + ] + }, + "product_name": "Security Guardium" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6491125 (Security Guardium)", - "name" : "https://www.ibm.com/support/pages/node/6491125", - "url" : "https://www.ibm.com/support/pages/node/6491125", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195569", - "name" : "ibm-guardium-cve202120377-info-disc (195569)", - "title" : "X-Force Vulnerability 
Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "AV": "N", + "A": "N", + "C": "L", + "AC": "L", + "PR": "H", + "SCORE": "2.700", + "I": "N", + "S": "U", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6491125 (Security Guardium)", + "name": "https://www.ibm.com/support/pages/node/6491125", + "url": "https://www.ibm.com/support/pages/node/6491125", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195569", + "name": "ibm-guardium-cve202120377-info-disc (195569)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24169.json b/2021/24xxx/CVE-2021-24169.json index 104f6ae88c4..345b3654d01 100644 --- a/2021/24xxx/CVE-2021-24169.json +++ b/2021/24xxx/CVE-2021-24169.json 
@@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24169", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Advanced Order Export For WooCommerce", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.8", - "version_value": "3.1.8" + "CVE_data_meta": { + "ID": "CVE-2021-24169", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Advanced Order Export For WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.8", + "version_value": "3.1.8" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3", - "name": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "0xB9" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3", + "name": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "0xB9" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24272.json b/2021/24xxx/CVE-2021-24272.json index a79eff6adb2..addb80d507f 100644 --- a/2021/24xxx/CVE-2021-24272.json +++ b/2021/24xxx/CVE-2021-24272.json 
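Review bot: The MISC reference added to `reference_data` points at packetstormsecurity.com over plain `http://` in both `name` and `url`, so a person or tool following the link from this record starts on an unauthenticated connection that can be altered or redirected in transit. If the host serves the same path over TLS (not verifiable from this page), change the scheme in both fields from `http://` to `https://`. The references added in the CVE-2021-24272 and CVE-2021-40875 hunks have the same issue. Separately, the hunk header (`-1,75 +1,80`) shows only five new lines, yet every line of the record is removed and re-added with what appears to be whitespace-only changes, which buries the one substantive addition; keeping the re-indentation in its own commit would make the record's history easier to audit.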
@@ -1,75 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24272", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "fitness calculators", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.9.6", - "version_value": "1.9.6" + "CVE_data_meta": { + "ID": "CVE-2021-24272", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "fitness calculators", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.6", + "version_value": "1.9.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. 
Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", - "name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue" + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "0xB9" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", + "name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "0xB9" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file 
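Review bot: `problemtype_data` on the new side still lists only `CWE-352 Cross-Site Request Forgery (CSRF)`, while the `TITLE` and the description both state that the missing sanitisation also leads to stored cross-site scripting. Consumers that triage or filter records by CWE will not see the XSS aspect of this entry. Consider adding a second entry to the `description` array, `{ "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" }`, which is the string CVE-2021-24169 already uses in this same commit.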
diff --git a/2021/38xxx/CVE-2021-38863.json b/2021/38xxx/CVE-2021-38863.json
index 62b3193a291..1641eb9cc1a 100644
--- a/2021/38xxx/CVE-2021-38863.json
+++ b/2021/38xxx/CVE-2021-38863.json
@@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5.0" - } - ] - }, - "product_name" : "Security Verify Bridge" - } - ] - } - } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "S" : "C", - "SCORE" : "6.500", - "I" : "N", - "A" : "N", - "C" : "H", - "AV" : "L", - "PR" : "L", - "AC" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-09-22T00:00:00", - "ID" : "CVE-2021-38863", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6491653", - "title" : "IBM Security Bulletin 6491653 (Security Verify Bridge)", - "url" : "https://www.ibm.com/support/pages/node/6491653" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208154", - "name" : "ibm-sv-cve202138863-info-disc (208154)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0.5.0" + } + ] + }, + "product_name": "Security Verify Bridge" + } + ] + } + } ] - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "UI": "N", 
+ "S": "C", + "SCORE": "6.500", + "I": "N", + "A": "N", + "C": "H", + "AV": "L", + "PR": "L", + "AC": "L" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154." + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-09-22T00:00:00", + "ID": "CVE-2021-38863", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6491653", + "title": "IBM Security Bulletin 6491653 (Security Verify Bridge)", + "url": "https://www.ibm.com/support/pages/node/6491653" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208154", + "name": "ibm-sv-cve202138863-info-disc (208154)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40875.json b/2021/40xxx/CVE-2021-40875.json index c1747001808..ff1793ac8d5 100644 --- a/2021/40xxx/CVE-2021-40875.json +++ b/2021/40xxx/CVE-2021-40875.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/SakuraSamuraii/derailed", "url": "https://github.com/SakuraSamuraii/derailed" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164270/Gurock-Testrail-7.2.0.3014-Improper-Access-Control.html", + "url": "http://packetstormsecurity.com/files/164270/Gurock-Testrail-7.2.0.3014-Improper-Access-Control.html" } ] }