mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
Added CVE-2018-11062,115762
This commit is contained in:
DellEMCProductSecurity
parent
e52f4f792c
commit
098a4ba66d
@ -1,18 +1,68 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-11062",
|
||||
"STATE" : "RESERVED"
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@dell.com",
|
||||
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
|
||||
"ID": "CVE-2018-11062",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Integrated Data Protection Appliance",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "2.X",
|
||||
"version_value": "2.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Dell EMC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"lang": "eng",
|
||||
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named “support” and “admin” that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,99 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-15762",
|
||||
"STATE" : "RESERVED"
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@dell.com",
|
||||
"DATE_PUBLIC": "2018-10-29T07:00:00.000Z",
|
||||
"ID": "CVE-2018-15762",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Pivotal Operations Manager gives all users heightened privileges"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Pivotal Operations Manager",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "2.0.x",
|
||||
"version_value": "2.0.24"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "2.1.x",
|
||||
"version_value": "2.1.15"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "2.2.x",
|
||||
"version_value": "2.2.7"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "2.3.x",
|
||||
"version_value": "2.3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Pivotal Cloud Foundry"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"lang": "eng",
|
||||
"value": "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Authorization"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://pivotal.io/security/cve-2018-15762"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user