From 087adbad1cba972bf58b17cc4bb72e3f89535a3c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 May 2022 15:02:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/31xxx/CVE-2021-31674.json | 5 + 2021/37xxx/CVE-2021-37851.json | 210 ++++++++++++++++++++++++++++++++- 2022/1xxx/CVE-2022-1124.json | 90 +++++++++++++- 2022/1xxx/CVE-2022-1460.json | 90 +++++++++++++- 2022/1xxx/CVE-2022-1510.json | 90 +++++++++++++- 2022/1xxx/CVE-2022-1676.json | 18 +++ 2022/1xxx/CVE-2022-1677.json | 18 +++ 2022/24xxx/CVE-2022-24272.json | 7 +- 2022/25xxx/CVE-2022-25342.json | 5 - 2022/27xxx/CVE-2022-27656.json | 158 ++++++++++++++++++++++++- 2022/28xxx/CVE-2022-28214.json | 67 ++++++++++- 2022/28xxx/CVE-2022-28774.json | 63 +++++++++- 2022/29xxx/CVE-2022-29610.json | 75 +++++++++++- 2022/29xxx/CVE-2022-29611.json | 127 +++++++++++++++++++- 2022/29xxx/CVE-2022-29613.json | 63 +++++++++- 2022/30xxx/CVE-2022-30292.json | 5 + 16 files changed, 1047 insertions(+), 44 deletions(-) create mode 100644 2022/1xxx/CVE-2022-1676.json create mode 100644 2022/1xxx/CVE-2022-1677.json diff --git a/2021/31xxx/CVE-2021-31674.json b/2021/31xxx/CVE-2021-31674.json index a530d20efff..98c35af4a6f 100644 --- a/2021/31xxx/CVE-2021-31674.json +++ b/2021/31xxx/CVE-2021-31674.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-in-undefined-enum-cve-2021-31674", "url": "https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-in-undefined-enum-cve-2021-31674" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50908", + "url": "https://www.exploit-db.com/exploits/50908" } ] } diff --git a/2021/37xxx/CVE-2021-37851.json b/2021/37xxx/CVE-2021-37851.json index 3b8945434a6..61fe3de0570 100644 --- a/2021/37xxx/CVE-2021-37851.json +++ b/2021/37xxx/CVE-2021-37851.json @@ -1,18 +1,216 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@eset.com", + "DATE_PUBLIC": "2022-05-09T13:00:00.000Z", "ID": "CVE-2021-37851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local Privilege Escalation in ESET product for Windows" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESET NOD32 Antivirus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.2", + "version_value": "15.1.12.0" + } + ] + } + }, + { + "product_name": "ESET Internet Security", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.2", + "version_value": "15.1.12.0" + } + ] + } + }, + { + "product_name": "ESET Smart Security Premium", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.2", + "version_value": "15.1.12.0" + } + ] + } + }, + { + "product_name": "ESET Endpoint Antivirus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "9.0.2046.0" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.1.2050.0" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.0.2053.0" + } + ] + } + }, + { + "product_name": "ESET Endpoint Security", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "9.0.2046.0" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.1.2050.0" + }, + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.0.2053.0" + } + ] + } + }, + { + "product_name": "ESET Server Security for Microsoft Windows Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.0", + "version_value": " 9.0.12012.0" + } + ] + } + }, + { + "product_name": "ESET File Security for Microsoft Windows Server", + "version": { + "version_data": [ + { + "version_name": "6.0", + "version_value": "8.0.12013.0" + } + ] + } + }, + { + "product_name": "ESET Mail Security for Microsoft Exchange Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.0.10020.0" + } + ] + } + }, + { + "product_name": "ESET Mail Security for IBM Domino", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.0.14011.0" + } + ] + } + }, + { + "product_name": "ESET Security for Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0", + "version_value": "8.0.15009.0" + } + ] + } + } + ] + }, + "vendor_name": "ESET, spol. s r.o." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.eset.com/en/ca8268", + "name": "https://support.eset.com/en/ca8268" + } + ] + }, + "source": { + "advisory": "ca8268", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1124.json b/2022/1xxx/CVE-2022-1124.json index ecf8c30caa6..eae5cf0f1a9 100644 --- a/2022/1xxx/CVE-2022-1124.json +++ b/2022/1xxx/CVE-2022-1124.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "<14.8.6" + }, + { + "version_value": ">=14.9.0, <14.9.4" + }, + { + "version_value": ">=14.10.0, <14.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/323552", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/323552", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1113405", + "url": "https://hackerone.com/reports/1113405", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1124.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1124.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [jimeno](https://hackerone.com/jimeno) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1460.json b/2022/1xxx/CVE-2022-1460.json index 71e3f63683c..59dc750b275 100644 --- a/2022/1xxx/CVE-2022-1460.json +++ b/2022/1xxx/CVE-2022-1460.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=9.2, <14.8.6" + }, + { + "version_value": ">=14.9, <14.9.4" + }, + { + "version_value": ">=14.10, <14.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/118782", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/118782", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/755078", + "url": "https://hackerone.com/reports/755078", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1460.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1460.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [peterl](https://hackerone.com/peterl) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1510.json b/2022/1xxx/CVE-2022-1510.json index 38ac243de88..ea819e941c8 100644 --- a/2022/1xxx/CVE-2022-1510.json +++ b/2022/1xxx/CVE-2022-1510.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.9, <14.8.6" + }, + { + "version_value": ">=14.9, <14.9.4" + }, + { + "version_value": ">=14.10, <14.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/343276", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/343276", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1353058", + "url": "https://hackerone.com/reports/1353058", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1510.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1510.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [stunninglemon](https://hackerone.com/stunninglemon) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1676.json b/2022/1xxx/CVE-2022-1676.json new file mode 100644 index 00000000000..74e1bf81a19 --- /dev/null +++ b/2022/1xxx/CVE-2022-1676.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1677.json b/2022/1xxx/CVE-2022-1677.json new file mode 100644 index 00000000000..0dfcddb48ef --- /dev/null +++ b/2022/1xxx/CVE-2022-1677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24272.json b/2022/24xxx/CVE-2022-24272.json index 5fba9104923..807c60d6754 100644 --- a/2022/24xxx/CVE-2022-24272.json +++ b/2022/24xxx/CVE-2022-24272.json @@ -76,12 +76,13 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://jira.mongodb.org/browse/SERVER-63968" + "refsource": "MISC", + "url": "https://jira.mongodb.org/browse/SERVER-63968", + "name": "https://jira.mongodb.org/browse/SERVER-63968" } ] }, "source": { "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25342.json b/2022/25xxx/CVE-2022-25342.json index b51a09cbfde..898b5d2b8aa 100644 --- a/2022/25xxx/CVE-2022-25342.json +++ b/2022/25xxx/CVE-2022-25342.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://kyocera.com", - "refsource": "MISC", - "name": "https://kyocera.com" - }, { "refsource": "MISC", "name": "https://www.gruppotim.it/it/footer/red-team.html", diff --git a/2022/27xxx/CVE-2022-27656.json b/2022/27xxx/CVE-2022-27656.json index 9ad5de612a0..853d5e2e3c2 100644 --- a/2022/27xxx/CVE-2022-27656.json +++ b/2022/27xxx/CVE-2022-27656.json @@ -4,14 +4,166 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS for ABAP and Java (ICM Administration UI)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "KRNL64NUC 7.22" + }, + { + "version_affected": "=", + "version_value": "7.22EXT" + }, + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "KRNL64 8.04" + }, + { + "version_affected": "=", + "version_value": "7.22" + }, + { + "version_affected": "=", + "version_value": "7.22EXT" + }, + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "7.53" + }, + { + "version_affected": "=", + "version_value": "KERNEL 7.22" + }, + { + "version_affected": "=", + "version_value": "8.04" + }, + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "7.53" + }, + { + "version_affected": "=", + "version_value": "7.77" + }, + { + "version_affected": "=", + "version_value": "7.81" + }, + { + "version_affected": "=", + "version_value": "7.85" + }, + { + "version_affected": "=", + "version_value": "7.86" + }, + { + "version_affected": "=", + "version_value": "7.87" + } + ] + } + }, + { + "product_name": "SAP Web Dispatcher (Web Administration UI)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.49" + }, + { + "version_affected": "=", + "version_value": "7.53" + }, + { + "version_affected": "=", + "version_value": "7.77" + }, + { + "version_affected": "=", + "version_value": "7.81" + }, + { + "version_affected": "=", + "version_value": "7.85" + }, + { + "version_affected": "=", + "version_value": "7.22_EXT" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3145046", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3145046" } ] } diff --git a/2022/28xxx/CVE-2022-28214.json b/2022/28xxx/CVE-2022-28214.json index 36e709318d6..64142404780 100644 --- a/2022/28xxx/CVE-2022-28214.json +++ b/2022/28xxx/CVE-2022-28214.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-28214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Enterprise (Central Management Server)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "420" + }, + { + "version_affected": "=", + "version_value": "430" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2998510", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2998510" } ] } diff --git a/2022/28xxx/CVE-2022-28774.json b/2022/28xxx/CVE-2022-28774.json index 45b7c88fa5c..b65d7778e75 100644 --- a/2022/28xxx/CVE-2022-28774.json +++ b/2022/28xxx/CVE-2022-28774.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-28774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Host Agent", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.22" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3158188", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3158188" } ] } diff --git a/2022/29xxx/CVE-2022-29610.json b/2022/29xxx/CVE-2022-29610.json index 7f4d4d09a93..d23201f1ff2 100644 --- a/2022/29xxx/CVE-2022-29610.json +++ b/2022/29xxx/CVE-2022-29610.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server ABAP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "753" + }, + { + "version_affected": "=", + "version_value": "754" + }, + { + "version_affected": "=", + "version_value": "755" + }, + { + "version_affected": "=", + "version_value": "756" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3146336", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3146336" } ] } diff --git a/2022/29xxx/CVE-2022-29611.json b/2022/29xxx/CVE-2022-29611.json index 07b0a6c5b3b..a9f9cfa687a 100644 --- a/2022/29xxx/CVE-2022-29611.json +++ b/2022/29xxx/CVE-2022-29611.json @@ -4,14 +4,135 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "700" + }, + { + "version_affected": "=", + "version_value": "701" + }, + { + "version_affected": "=", + "version_value": "702" + }, + { + "version_affected": "=", + "version_value": "710" + }, + { + "version_affected": "=", + "version_value": "711" + }, + { + "version_affected": "=", + "version_value": "730" + }, + { + "version_affected": "=", + "version_value": "731" + }, + { + "version_affected": "=", + "version_value": "740" + }, + { + "version_affected": "=", + "version_value": "750" + }, + { + "version_affected": "=", + "version_value": "751" + }, + { + "version_affected": "=", + "version_value": "752" + }, + { + "version_affected": "=", + "version_value": "753" + }, + { + "version_affected": "=", + "version_value": "754" + }, + { + "version_affected": "=", + "version_value": "755" + }, + { + "version_affected": "=", + "version_value": "756" + }, + { + "version_affected": "=", + "version_value": "787" + }, + { + "version_affected": "=", + "version_value": "788" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3165801", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3165801" } ] } diff --git a/2022/29xxx/CVE-2022-29613.json b/2022/29xxx/CVE-2022-29613.json index a42d432df53..0a11927e899 100644 --- a/2022/29xxx/CVE-2022-29613.json +++ b/2022/29xxx/CVE-2022-29613.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Employee Self Service (Fiori My Leave Request)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "605" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3164677", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3164677" } ] } diff --git a/2022/30xxx/CVE-2022-30292.json b/2022/30xxx/CVE-2022-30292.json index d74aa5eed34..ef035f67084 100644 --- a/2022/30xxx/CVE-2022-30292.json +++ b/2022/30xxx/CVE-2022-30292.json @@ -56,6 +56,11 @@ "url": "https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d", "refsource": "MISC", "name": "https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d" + }, + { + "refsource": "MISC", + "name": "https://github.com/sprushed/CVE-2022-30292", + "url": "https://github.com/sprushed/CVE-2022-30292" } ] }