From 06135b417f41c9635dce8d7db5527973e58ffaa7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 11 Feb 2021 21:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19004.json | 72 +++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19005.json | 67 +++++++++++++++++++++++++ 2020/9xxx/CVE-2020-9307.json | 61 ++++++++++++++++++++--- 2021/21xxx/CVE-2021-21014.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21047.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21048.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21049.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21050.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21051.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21052.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21053.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21054.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21055.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21058.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21059.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21062.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21063.json | 90 +++++++++++++++++++++++++++++++--- 2021/21xxx/CVE-2021-21445.json | 4 +- 2021/21xxx/CVE-2021-21446.json | 4 +- 2021/21xxx/CVE-2021-21447.json | 4 +- 2021/21xxx/CVE-2021-21448.json | 4 +- 2021/21xxx/CVE-2021-21449.json | 9 +--- 2021/21xxx/CVE-2021-21450.json | 9 +--- 2021/21xxx/CVE-2021-21451.json | 9 +--- 2021/21xxx/CVE-2021-21452.json | 9 +--- 2021/21xxx/CVE-2021-21453.json | 9 +--- 2021/21xxx/CVE-2021-21454.json | 9 +--- 2021/21xxx/CVE-2021-21455.json | 9 +--- 2021/21xxx/CVE-2021-21456.json | 9 +--- 2021/21xxx/CVE-2021-21457.json | 9 +--- 2021/21xxx/CVE-2021-21458.json | 9 +--- 2021/21xxx/CVE-2021-21459.json | 9 +--- 2021/21xxx/CVE-2021-21460.json | 9 +--- 2021/21xxx/CVE-2021-21461.json | 9 +--- 2021/21xxx/CVE-2021-21462.json | 9 +--- 2021/21xxx/CVE-2021-21463.json | 9 +--- 2021/21xxx/CVE-2021-21464.json | 10 ++-- 2021/21xxx/CVE-2021-21465.json | 4 +- 2021/21xxx/CVE-2021-21467.json | 6 +-- 2021/21xxx/CVE-2021-21468.json | 4 +- 2021/21xxx/CVE-2021-21469.json | 6 +-- 41 files changed, 1423 insertions(+), 218 deletions(-) create mode 100644 2019/19xxx/CVE-2019-19004.json create mode 100644 2019/19xxx/CVE-2019-19005.json diff --git a/2019/19xxx/CVE-2019-19004.json b/2019/19xxx/CVE-2019-19004.json new file mode 100644 index 00000000000..5c10cfe1a16 --- /dev/null +++ b/2019/19xxx/CVE-2019-19004.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/autotrace/autotrace/commits/master", + "refsource": "MISC", + "name": "https://github.com/autotrace/autotrace/commits/master" + }, + { + "refsource": "MISC", + "name": "https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c", + "url": "https://github.com/autotrace/autotrace/commits/master/src/input-bmp.c" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/autotrace/autotrace/pull/40", + "url": "https://github.com/autotrace/autotrace/pull/40" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19005.json b/2019/19xxx/CVE-2019-19005.json new file mode 100644 index 00000000000..5589e3a4c55 --- /dev/null +++ b/2019/19xxx/CVE-2019-19005.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/autotrace/autotrace/commits/master", + "refsource": "MISC", + "name": "https://github.com/autotrace/autotrace/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/autotrace/autotrace/pull/40", + "url": "https://github.com/autotrace/autotrace/pull/40" + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9307.json b/2020/9xxx/CVE-2020-9307.json index bdb47098f7b..4a7fd9dee16 100644 --- a/2020/9xxx/CVE-2020-9307.json +++ b/2020/9xxx/CVE-2020-9307.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9307", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9307", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view", + "url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view" + }, + { + "refsource": "MISC", + "name": "https://www.belden.com/security", + "url": "https://www.belden.com/security" } ] } diff --git a/2021/21xxx/CVE-2021-21014.json b/2021/21xxx/CVE-2021-21014.json index c86930a7299..5d45fc59799 100644 --- a/2021/21xxx/CVE-2021-21014.json +++ b/2021/21xxx/CVE-2021-21014.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magento Commerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.4.1" + }, + { + "version_affected": "<=", + "version_value": "2.4.0-p1" + }, + { + "version_affected": "<=", + "version_value": "2.3.6" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 9.1, + "baseSeverity": "Critical", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type (CWE-434)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", + "name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21047.json b/2021/21xxx/CVE-2021-21047.json index 062cb010dbc..bf5527c44a8 100644 --- a/2021/21xxx/CVE-2021-21047.json +++ b/2021/21xxx/CVE-2021-21047.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.1.1" + }, + { + "version_affected": "<=", + "version_value": "21.2.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21048.json b/2021/21xxx/CVE-2021-21048.json index e6433a5cd2e..614e1575044 100644 --- a/2021/21xxx/CVE-2021-21048.json +++ b/2021/21xxx/CVE-2021-21048.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.1.1" + }, + { + "version_affected": "<=", + "version_value": "21.2.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21049.json b/2021/21xxx/CVE-2021-21049.json index 66463e85a55..18e6d5f28a7 100644 --- a/2021/21xxx/CVE-2021-21049.json +++ b/2021/21xxx/CVE-2021-21049.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.1.1" + }, + { + "version_affected": "<=", + "version_value": "21.2.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21050.json b/2021/21xxx/CVE-2021-21050.json index 0d55c7638ee..4b9129f432f 100644 --- a/2021/21xxx/CVE-2021-21050.json +++ b/2021/21xxx/CVE-2021-21050.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.1.1" + }, + { + "version_affected": "<=", + "version_value": "21.2.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21051.json b/2021/21xxx/CVE-2021-21051.json index 646414ee3b7..82848738ce0 100644 --- a/2021/21xxx/CVE-2021-21051.json +++ b/2021/21xxx/CVE-2021-21051.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoshop", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "22.1.1" + }, + { + "version_affected": "<=", + "version_value": "21.2.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow (CWE-120)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html", + "name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21052.json b/2021/21xxx/CVE-2021-21052.json index a6a2abbc663..f378f26e637 100644 --- a/2021/21xxx/CVE-2021-21052.json +++ b/2021/21xxx/CVE-2021-21052.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Animate Out-of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Animate", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "21.0.2" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/animate/apsb21-11.html", + "name": "https://helpx.adobe.com/security/products/animate/apsb21-11.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21053.json b/2021/21xxx/CVE-2021-21053.json index 99ebf5c7e70..2edac25e303 100644 --- a/2021/21xxx/CVE-2021-21053.json +++ b/2021/21xxx/CVE-2021-21053.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "25.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb21-12.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb21-12.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21054.json b/2021/21xxx/CVE-2021-21054.json index 3e806ae3dea..3688c8b3ced 100644 --- a/2021/21xxx/CVE-2021-21054.json +++ b/2021/21xxx/CVE-2021-21054.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "25.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb21-12.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb21-12.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21055.json b/2021/21xxx/CVE-2021-21055.json index bb7950fa0b5..a6302410666 100644 --- a/2021/21xxx/CVE-2021-21055.json +++ b/2021/21xxx/CVE-2021-21055.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dreamweaver", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "21.0" + }, + { + "version_affected": "<=", + "version_value": "20.2" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Physical", + "availabilityImpact": "High", + "baseScore": 6.2, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Search Path (CWE-426)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html", + "name": "https://helpx.adobe.com/security/products/dreamweaver/apsb21-13.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21058.json b/2021/21xxx/CVE-2021-21058.json index fd9860fc977..92df63caf15 100644 --- a/2021/21xxx/CVE-2021-21058.json +++ b/2021/21xxx/CVE-2021-21058.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21059.json b/2021/21xxx/CVE-2021-21059.json index 36f6dd2cefb..aba5ac5fd73 100644 --- a/2021/21xxx/CVE-2021-21059.json +++ b/2021/21xxx/CVE-2021-21059.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21062.json b/2021/21xxx/CVE-2021-21062.json index cd12723a69a..9c87814cc1c 100644 --- a/2021/21xxx/CVE-2021-21062.json +++ b/2021/21xxx/CVE-2021-21062.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21063.json b/2021/21xxx/CVE-2021-21063.json index aba1f62c154..043b90a2864 100644 --- a/2021/21xxx/CVE-2021-21063.json +++ b/2021/21xxx/CVE-2021-21063.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.013.20074" + }, + { + "version_affected": "<=", + "version_value": "2020.001.30018" + }, + { + "version_affected": "<=", + "version_value": "2017.011.30188" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "None", + "attackVector": "None", + "availabilityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "None", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21445.json b/2021/21xxx/CVE-2021-21445.json index eda30a05227..f28df7ba4f9 100644 --- a/2021/21xxx/CVE-2021-21445.json +++ b/2021/21xxx/CVE-2021-21445.json @@ -82,9 +82,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2984034", + "url": "https://launchpad.support.sap.com/#/notes/2984034", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2984034" + "name": "https://launchpad.support.sap.com/#/notes/2984034" } ] } diff --git a/2021/21xxx/CVE-2021-21446.json b/2021/21xxx/CVE-2021-21446.json index 71b6c8c2596..70bcfa5e5c3 100644 --- a/2021/21xxx/CVE-2021-21446.json +++ b/2021/21xxx/CVE-2021-21446.json @@ -90,9 +90,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3000306", + "url": "https://launchpad.support.sap.com/#/notes/3000306", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3000306" + "name": "https://launchpad.support.sap.com/#/notes/3000306" } ] } diff --git a/2021/21xxx/CVE-2021-21447.json b/2021/21xxx/CVE-2021-21447.json index 80ed659d6fd..86479632f2c 100644 --- a/2021/21xxx/CVE-2021-21447.json +++ b/2021/21xxx/CVE-2021-21447.json @@ -70,9 +70,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2965154", + "url": "https://launchpad.support.sap.com/#/notes/2965154", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2965154" + "name": "https://launchpad.support.sap.com/#/notes/2965154" } ] } diff --git a/2021/21xxx/CVE-2021-21448.json b/2021/21xxx/CVE-2021-21448.json index 85973b2b59c..413fda57200 100644 --- a/2021/21xxx/CVE-2021-21448.json +++ b/2021/21xxx/CVE-2021-21448.json @@ -66,9 +66,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2992269", + "url": "https://launchpad.support.sap.com/#/notes/2992269", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2992269" + "name": "https://launchpad.support.sap.com/#/notes/2992269" } ] } diff --git a/2021/21xxx/CVE-2021-21449.json b/2021/21xxx/CVE-2021-21449.json index 555eee973ee..52d92603c1a 100644 --- a/2021/21xxx/CVE-2021-21449.json +++ b/2021/21xxx/CVE-2021-21449.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-013/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-013/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21450.json b/2021/21xxx/CVE-2021-21450.json index 9a4a8bfb8db..2015a78cc27 100644 --- a/2021/21xxx/CVE-2021-21450.json +++ b/2021/21xxx/CVE-2021-21450.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-012/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-012/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21451.json b/2021/21xxx/CVE-2021-21451.json index 5d7acd4a753..6c91c1897c1 100644 --- a/2021/21xxx/CVE-2021-21451.json +++ b/2021/21xxx/CVE-2021-21451.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-011/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-011/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21452.json b/2021/21xxx/CVE-2021-21452.json index c0cc0172877..6e8ca9d6029 100644 --- a/2021/21xxx/CVE-2021-21452.json +++ b/2021/21xxx/CVE-2021-21452.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-010/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-010/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21453.json b/2021/21xxx/CVE-2021-21453.json index 0c308341917..b780ddc7af7 100644 --- a/2021/21xxx/CVE-2021-21453.json +++ b/2021/21xxx/CVE-2021-21453.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-009/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-009/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21454.json b/2021/21xxx/CVE-2021-21454.json index ffcfd8834c5..fc7bc4eec0b 100644 --- a/2021/21xxx/CVE-2021-21454.json +++ b/2021/21xxx/CVE-2021-21454.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-008/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-008/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21455.json b/2021/21xxx/CVE-2021-21455.json index 2287b639592..a86a1ad9f46 100644 --- a/2021/21xxx/CVE-2021-21455.json +++ b/2021/21xxx/CVE-2021-21455.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-007/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-007/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21456.json b/2021/21xxx/CVE-2021-21456.json index 0bb6baceac1..7faf8f8ad75 100644 --- a/2021/21xxx/CVE-2021-21456.json +++ b/2021/21xxx/CVE-2021-21456.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-006/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-006/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21457.json b/2021/21xxx/CVE-2021-21457.json index d34e95d514f..d790f6edc1b 100644 --- a/2021/21xxx/CVE-2021-21457.json +++ b/2021/21xxx/CVE-2021-21457.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-005/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-005/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21458.json b/2021/21xxx/CVE-2021-21458.json index 2cf2f1d7372..32847af847c 100644 --- a/2021/21xxx/CVE-2021-21458.json +++ b/2021/21xxx/CVE-2021-21458.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-004/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-004/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21459.json b/2021/21xxx/CVE-2021-21459.json index 0289d3b9f18..e35bc6a4de6 100644 --- a/2021/21xxx/CVE-2021-21459.json +++ b/2021/21xxx/CVE-2021-21459.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-002/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-002/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21460.json b/2021/21xxx/CVE-2021-21460.json index bdf22e64421..d1c83c687ca 100644 --- a/2021/21xxx/CVE-2021-21460.json +++ b/2021/21xxx/CVE-2021-21460.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-003/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-003/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21461.json b/2021/21xxx/CVE-2021-21461.json index 31e3209839f..9ba23a6ceae 100644 --- a/2021/21xxx/CVE-2021-21461.json +++ b/2021/21xxx/CVE-2021-21461.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-014/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-014/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21462.json b/2021/21xxx/CVE-2021-21462.json index 326691b6747..d15dd384f4c 100644 --- a/2021/21xxx/CVE-2021-21462.json +++ b/2021/21xxx/CVE-2021-21462.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-015/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-015/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21463.json b/2021/21xxx/CVE-2021-21463.json index 167725fdb16..cd6a157df33 100644 --- a/2021/21xxx/CVE-2021-21463.json +++ b/2021/21xxx/CVE-2021-21463.json @@ -60,20 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { + "url": "https://launchpad.support.sap.com/#/notes/3002617", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-016/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-016/" + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21464.json b/2021/21xxx/CVE-2021-21464.json index 7d1b73d5d62..621528d3089 100644 --- a/2021/21xxx/CVE-2021-21464.json +++ b/2021/21xxx/CVE-2021-21464.json @@ -60,15 +60,15 @@ }, "references": { "reference_data": [ - { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3002617", - "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3002617" - }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3002617", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3002617" } ] } diff --git a/2021/21xxx/CVE-2021-21465.json b/2021/21xxx/CVE-2021-21465.json index 395296c8ab4..31df60fc9ea 100644 --- a/2021/21xxx/CVE-2021-21465.json +++ b/2021/21xxx/CVE-2021-21465.json @@ -110,9 +110,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2986980", + "url": "https://launchpad.support.sap.com/#/notes/2986980", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2986980" + "name": "https://launchpad.support.sap.com/#/notes/2986980" } ] } diff --git a/2021/21xxx/CVE-2021-21467.json b/2021/21xxx/CVE-2021-21467.json index d7d1028d9a9..a2dbb0332bb 100644 --- a/2021/21xxx/CVE-2021-21467.json +++ b/2021/21xxx/CVE-2021-21467.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "SAP Banking Services (Generic Market Data) 400, 450, and 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check." + "value": "SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check." } ] }, @@ -74,9 +74,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/3008422", + "url": "https://launchpad.support.sap.com/#/notes/3008422", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/3008422" + "name": "https://launchpad.support.sap.com/#/notes/3008422" } ] } diff --git a/2021/21xxx/CVE-2021-21468.json b/2021/21xxx/CVE-2021-21468.json index 842b0335e0b..1b25ac2af20 100644 --- a/2021/21xxx/CVE-2021-21468.json +++ b/2021/21xxx/CVE-2021-21468.json @@ -110,9 +110,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2986980", + "url": "https://launchpad.support.sap.com/#/notes/2986980", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2986980" + "name": "https://launchpad.support.sap.com/#/notes/2986980" } ] } diff --git a/2021/21xxx/CVE-2021-21469.json b/2021/21xxx/CVE-2021-21469.json index f167bff11f6..9cf83f9c0a4 100644 --- a/2021/21xxx/CVE-2021-21469.json +++ b/2021/21xxx/CVE-2021-21469.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "When security guidelines for SAP NetWeaver Master Data Management, versions 7.10, 710, and 710.750, running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure." + "value": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure." } ] }, @@ -74,9 +74,9 @@ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476" }, { - "url": "https://i7p.wdf.sap.corp/sap/support/notes/2993032", + "url": "https://launchpad.support.sap.com/#/notes/2993032", "refsource": "MISC", - "name": "https://i7p.wdf.sap.corp/sap/support/notes/2993032" + "name": "https://launchpad.support.sap.com/#/notes/2993032" } ] }