Merge pull request #2028 from RedHatProductSecurity/CVE-2016-7043

CVE-2016-7043
2025-05-06 18:53:08 +00:00 · 2019-05-15 11:46:21 -04:00 · 2019-05-15 11:46:21 -04:00 · 0a48e55e00
commit 0a48e55e00
parent f61c03f8fe 1c59677758
1 changed files with 72 additions and 8 deletions
--- a/2016/7xxx/CVE-2016-7043.json
+++ b/2016/7xxx/CVE-2016-7043.json
@ -1,18 +1,82 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2016-7043",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2016-7043",
+        "ASSIGNER": "lpardo@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "KIE",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "kie-server",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "affects < 7.21.0.Final"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-260"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273",
+                "name": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+                    "version": "3.0"
+                }
+            ],
+            [
+                {
+                    "vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N",
+                    "version": "2.0"
+                }
+            ]
+        ]
    }
-}
+}