From 07d55e472ca9ce7ee8574df3fd7f525fe1f3f360 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 9 Sep 2021 14:00:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/35xxx/CVE-2021-35217.json | 29 ++++++++++---------- 2021/37xxx/CVE-2021-37101.json | 50 ++++++++++++++++++++++++++++++++-- 2021/3xxx/CVE-2021-3783.json | 18 ++++++++++++ 2021/3xxx/CVE-2021-3784.json | 18 ++++++++++++ 2021/40xxx/CVE-2021-40346.json | 2 +- 5 files changed, 99 insertions(+), 18 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3783.json create mode 100644 2021/3xxx/CVE-2021-3784.json diff --git a/2021/35xxx/CVE-2021-35217.json b/2021/35xxx/CVE-2021-35217.json index 5e798dd3bff..a8b82c847f3 100644 --- a/2021/35xxx/CVE-2021-35217.json +++ b/2021/35xxx/CVE-2021-35217.json @@ -1,7 +1,7 @@ { "CVE_data_meta": { "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2021-09-02T13:14:00.000Z", + "DATE_PUBLIC": "2021-09-09T10:03:00.000Z", "ID": "CVE-2021-35217", "STATE": "PUBLIC", "TITLE": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability. " @@ -13,13 +13,14 @@ "product": { "product_data": [ { - "product_name": "Orion Platform ", + "product_name": "Patch Manager", "version": { "version_data": [ { + "platform": "Windows", "version_affected": "<", "version_name": "2020.2.5 and previous versions", - "version_value": "2020.2.6" + "version_value": "2020.2.6 HF1" } ] } @@ -73,7 +74,7 @@ "description": [ { "lang": "eng", - "value": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability." + "value": "CWE-502 Deserialization of Untrusted Data" } ] } @@ -82,19 +83,19 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm", - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm" + "name": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US", + "refsource": "CONFIRM", + "url": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US" }, { - "refsource": "MISC", - "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm", - "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm" + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217", + "refsource": "CONFIRM", + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217" }, { - "refsource": "MISC", - "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217", - "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217" + "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm", + "refsource": "CONFIRM", + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm" } ] }, @@ -105,6 +106,6 @@ } ], "source": { - "discovery": "UNKNOWN" + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37101.json b/2021/37xxx/CVE-2021-37101.json index 43366b307fa..4b1dd8b4256 100644 --- a/2021/37xxx/CVE-2021-37101.json +++ b/2021/37xxx/CVE-2021-37101.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AIS-BW50-00", + "version": { + "version_data": [ + { + "version_value": "9.0.6.2(H100SP10C00),9.0.6.2(H100SP15C00)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device." } ] } diff --git a/2021/3xxx/CVE-2021-3783.json b/2021/3xxx/CVE-2021-3783.json new file mode 100644 index 00000000000..3e0f08a83d4 --- /dev/null +++ b/2021/3xxx/CVE-2021-3783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3784.json b/2021/3xxx/CVE-2021-3784.json new file mode 100644 index 00000000000..84f490a7d60 --- /dev/null +++ b/2021/3xxx/CVE-2021-3784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40346.json b/2021/40xxx/CVE-2021-40346.json index cb96389a071..7c7bc9bb1ab 100644 --- a/2021/40xxx/CVE-2021-40346.json +++ b/2021/40xxx/CVE-2021-40346.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header() can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs." + "value": "An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs." } ] },