Publish CVE-2020-7309.json

SB is live
2025-08-04 08:44:25 +00:00 · 2020-08-26 11:28:26 +05:30 · 2020-08-26 11:28:26 +05:30 · 07bf7db2f0
commit 07bf7db2f0
parent a5eb8b9d4a
1 changed files with 83 additions and 7 deletions
--- a/2020/7xxx/CVE-2020-7309.json
+++ b/2020/7xxx/CVE-2020-7309.json
@ -1,18 +1,94 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@mcafee.com",
+        "DATE_PUBLIC": "2020-08-25T00:00:00.000Z",
        "ID": "CVE-2020-7309",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross Site Scripting vulnerability in ePO extension of MACC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "McAfee Application and Change Control ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "8.3.1",
+                                            "version_value": "8.3.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "McAfee, LLC"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "McAfee credits Rares GOSMAN for responsibly reporting this flaw."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "LOW",
+            "baseScore": 3.9,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "HIGH",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79 Cross-site Scripting (XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10324",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10324"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "EXTERNAL"
    }
-}
+}