From 02c9c9c47e7d4cb16a62c2ef1f2ccf97d1e71b6a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 31 Jul 2023 18:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/28xxx/CVE-2023-28013.json | 22 ++++++-------
 2023/28xxx/CVE-2023-28023.json | 30 +++++++++---------
 2023/38xxx/CVE-2023-38989.json | 56 ++++++++++++++++++++++++++++++----
 2023/39xxx/CVE-2023-39410.json | 18 +++++++++++
 2023/3xxx/CVE-2023-3446.json | 5 +++
 2023/3xxx/CVE-2023-3817.json | 5 +++
 2023/4xxx/CVE-2023-4031.json | 18 +++++++++++
 7 files changed, 122 insertions(+), 32 deletions(-)
 create mode 100644 2023/39xxx/CVE-2023-39410.json
 create mode 100644 2023/4xxx/CVE-2023-4031.json
diff --git a/2023/28xxx/CVE-2023-28013.json b/2023/28xxx/CVE-2023-28013.json
index 71dd8de783a..363e56532b8 100644
--- a/2023/28xxx/CVE-2023-28013.json
+++ b/2023/28xxx/CVE-2023-28013.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.\n"
+ "value": "HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.\n"
 }
 ]
 },
@@ -31,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "HCL Software ",
+ "vendor_name": "HCL Software",
 "product": {
 "product_data": [
 {
- "product_name": "HCL BigFix Mobile",
+ "product_name": "HCL Verse",
 "version": {
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "3.0"
+ "version_value": "< 3.1"
 }
 ]
 }
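Review bot: In the `@@ -31,16` hunk of CVE-2023-28013.json, `version_affected` stays `"="` while the new `version_value` is the range expression `"< 3.1"`, so a consumer that honours the operator compares against that literal string and matches no real HCL Verse release. The range belongs in the operator field: `"version_affected": "<"` with `"version_value": "3.1"`. The same pairing is introduced in the `@@ -35,12` hunk of CVE-2023-28023.json. Scanners and inventory tools that key on these two fields would under-report affected installs until it is corrected.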
@@ -54,9 +54,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106371",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905",
 "refsource": "MISC",
- "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106371"
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905"
 }
 ]
 },
@@ -72,14 +72,14 @@
 "attackComplexity": "HIGH",
 "attackVector": "LOCAL",
 "availabilityImpact": "LOW",
- "baseScore": 6.6,
+ "baseScore": 6.5,
 "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
 "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
 "version": "3.1"
 }
 ]
diff --git a/2023/28xxx/CVE-2023-28023.json b/2023/28xxx/CVE-2023-28023.json
index 04391b4fc7a..211ede9498a 100644
--- a/2023/28xxx/CVE-2023-28023.json
+++ b/2023/28xxx/CVE-2023-28023.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).\u00a0\n"
+ "value": "HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.\n"
 }
 ]
 },
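Review bot: In the `@@ -72,14` CVSS hunk of CVE-2023-28013.json, `attackVector` is left at `"LOCAL"` and `attackComplexity` at `"HIGH"` (`AV:L/AC:H` in the new `vectorString`), although the description rewritten in the same file speaks of a remote, unauthenticated attacker and a reflected XSS. If the vendor bulletin really describes a network-reachable issue, the metric would read `"attackVector": "NETWORK"` with `vectorString`, `baseScore` and `baseSeverity` recomputed to match; if the local vector is intended, the word "remote" in the description needs checking. The sibling record CVE-2023-28023 in this commit scores the stored variant in the same product as `AV:N/AC:L`, so teams triaging by score would rank the two very differently. The enclosing `cvss` object opens before the hunk.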
@@ -35,12 +35,12 @@
 "product": {
 "product_data": [
 {
- "product_name": "HCL BigFix WebUI Software Distribution",
+ "product_name": "HCL Verse",
 "version": {
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "<=44"
+ "version_value": "< 3.1"
 }
 ]
 }
@@ -54,9 +54,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904",
 "refsource": "MISC",
- "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106123"
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105904"
 }
 ]
 },
@@ -69,17 +69,17 @@
 "impact": {
 "cvss": [
 {
- "attackComplexity": "HIGH",
+ "attackComplexity": "LOW",
 "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
 "version": "3.1"
 }
 ]
diff --git a/2023/38xxx/CVE-2023-38989.json b/2023/38xxx/CVE-2023-38989.json
index 5f4fd383094..9808b4f36f2 100644
--- a/2023/38xxx/CVE-2023-38989.json
+++ b/2023/38xxx/CVE-2023-38989.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38989",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38989",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/thinkgem/jeesite/issues/518",
+ "refsource": "MISC",
+ "name": "https://github.com/thinkgem/jeesite/issues/518"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39410.json b/2023/39xxx/CVE-2023-39410.json
new file mode 100644
index 00000000000..14df33499e1
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39410.json
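Review bot: CVE-2023-38989.json moves to `PUBLIC` with `product_name`, `vendor_name`, `version_value` and the `problemtype` value all set to `"n/a"`, so the affected software (jeesite v1.2.6) appears only in the free-text description. Tools that match on the structured `affects` tree will not associate this CVE with the product; filling in `"product_name": "jeesite"` and `"version_value": "1.2.6"` from the description would close that gap. The description reads like a missing authorization check on a delete operation, which a CWE entry under `problemtype` could record once confirmed against the referenced issue. Until then, defenders tracking this record need a text-based match on the description rather than a product lookup.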
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39410",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3446.json b/2023/3xxx/CVE-2023-3446.json
index a8667d7ff6c..50b23ecf91b 100644
--- a/2023/3xxx/CVE-2023-3446.json
+++ b/2023/3xxx/CVE-2023-3446.json
@@ -108,6 +108,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/07/19/6",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/07/19/6"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3817.json b/2023/3xxx/CVE-2023-3817.json
index 8a2c709d2e6..a1a7bcaf31b 100644
--- a/2023/3xxx/CVE-2023-3817.json
+++ b/2023/3xxx/CVE-2023-3817.json
@@ -93,6 +93,11 @@
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644",
 "refsource": "MISC",
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4031.json b/2023/4xxx/CVE-2023-4031.json
new file mode 100644
index 00000000000..7841af1603d
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4031.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4031",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file