From 0d1df681ae91a96f30488af7ddf055bff1ca56e2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 8 Oct 2019 20:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/0xxx/CVE-2019-0367.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0368.json | 99 +++++++++++++++++++++++++++++++---
2019/0xxx/CVE-2019-0369.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0370.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0374.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0375.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0376.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0377.json | 64 +++++++++++++++++++---
2019/0xxx/CVE-2019-0378.json | 64 +++++++++++++++++++---
2019/0xxx/CVE-2019-0379.json | 68 ++++++++++++++++++++---
2019/0xxx/CVE-2019-0380.json | 64 +++++++++++++++++++---
2019/0xxx/CVE-2019-0381.json | 90 ++++++++++++++++++++++++++++---
2019/10xxx/CVE-2019-10757.json | 50 +++++++++++++++--
2019/3xxx/CVE-2019-3980.json | 58 +++++++++++++++++---
14 files changed, 871 insertions(+), 94 deletions(-)
diff --git a/2019/0xxx/CVE-2019-0367.json b/2019/0xxx/CVE-2019-0367.json
index 439cd6cc62f..4ca3dd7dcaa 100644
--- a/2019/0xxx/CVE-2019-0367.json
+++ b/2019/0xxx/CVE-2019-0367.json
@@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0367", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0367", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Process Integration (B2B Toolkit)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.0" + }, + { + "version_name": "<", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2805777", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2805777" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" } ] } diff --git a/2019/0xxx/CVE-2019-0368.json b/2019/0xxx/CVE-2019-0368.json index 55fffa51e49..b53e464a348 100644 --- a/2019/0xxx/CVE-2019-0368.json +++ b/2019/0xxx/CVE-2019-0368.json 
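Review bot: The `version_data` entries in CVE-2019-0367.json put the comparison operator in `version_name` (`"version_name": "<"`) next to `"version_value": "1.0"` and `"2.0"`, so a consumer that matches on `version_value` alone will read them as two exact affected versions, and one that does read them as ranges finds `< 2.0` already containing `< 1.0`. The description's "before versions 1.0 and 2.0" does not settle whether 1.0 and 2.0 themselves are affected, and the referenced SAP note is not visible here. If a range is meant, the operator belongs in the record's comparison field, e.g. `"version_affected": "<", "version_value": "2.0"` (assuming the consuming schema accepts it); if the listed releases are the affected ones, the `<` should go. The same encoding appears in every other SAP record in this patch (CVE-2019-0368 through CVE-2019-0381).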
@@ -1,17 +1,102 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0368", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0368", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Customer Relationship Management (Email Management - S4CRM)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.0" + }, + { + "version_name": "<", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "SAP Customer Relationship Management (Email Management - BBPCRM)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.0" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.12" + }, + { + "version_name": "<", + "version_value": "7.13" + }, + { + "version_name": "<", + "version_value": "7.14" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2751806", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2751806" } ] } diff --git a/2019/0xxx/CVE-2019-0369.json b/2019/0xxx/CVE-2019-0369.json index d0720dd0de1..6c35d389464 100644 --- a/2019/0xxx/CVE-2019-0369.json +++ b/2019/0xxx/CVE-2019-0369.json 
@@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0369", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0369", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Financial Consolidation", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.0" + }, + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2806403", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2806403" } ] } diff --git a/2019/0xxx/CVE-2019-0370.json b/2019/0xxx/CVE-2019-0370.json index 752899b674d..3e62bc3cd1e 100644 --- a/2019/0xxx/CVE-2019-0370.json +++ b/2019/0xxx/CVE-2019-0370.json 
@@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0370", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0370", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Financial Consolidation", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.0" + }, + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Others" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2806403", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2806403" } ] } diff --git a/2019/0xxx/CVE-2019-0374.json b/2019/0xxx/CVE-2019-0374.json index 7ac10303c9d..910ce4fc831 100644 --- a/2019/0xxx/CVE-2019-0374.json +++ b/2019/0xxx/CVE-2019-0374.json 
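Review bot: `problemtype` in CVE-2019-0370.json is set to `"value": "Others"` although the description a few lines above names the weakness as XPath Injection, so anyone filtering or triaging by problem type loses the one classification that matters. I would change the line to `"value": "XPath Injection"` (CWE-643, if the CNA wants to carry a CWE id). CVE-2019-0381.json has the same gap with `"value": "Other"` for what its description calls binary planting.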
@@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0374", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0374", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + }, + { + "version_name": "<", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2817945", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2817945" } ] } diff --git a/2019/0xxx/CVE-2019-0375.json b/2019/0xxx/CVE-2019-0375.json index ec1c553e59e..4fef068f5c2 100644 --- a/2019/0xxx/CVE-2019-0375.json 
+++ b/2019/0xxx/CVE-2019-0375.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0375", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0375", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + }, + { + "version_name": "<", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2817945", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2817945" } ] } 
diff --git a/2019/0xxx/CVE-2019-0376.json b/2019/0xxx/CVE-2019-0376.json
index 0bd8c6ff9fa..64c5513889c 100644
--- a/2019/0xxx/CVE-2019-0376.json
+++ b/2019/0xxx/CVE-2019-0376.json
@@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0376", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0376", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + }, + { + "version_name": "<", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2817945", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2817945" } ] } 
diff --git a/2019/0xxx/CVE-2019-0377.json b/2019/0xxx/CVE-2019-0377.json index 1bd8ef98423..a6c4306f5ca 100644 --- a/2019/0xxx/CVE-2019-0377.json +++ b/2019/0xxx/CVE-2019-0377.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0377", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0377", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2817945", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2817945" } ] } 
diff --git a/2019/0xxx/CVE-2019-0378.json b/2019/0xxx/CVE-2019-0378.json
index 730f7639840..a68b0398108 100644
--- a/2019/0xxx/CVE-2019-0378.json
+++ b/2019/0xxx/CVE-2019-0378.json
@@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0378", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0378", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2817945", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2817945" } ] } diff --git a/2019/0xxx/CVE-2019-0379.json b/2019/0xxx/CVE-2019-0379.json index 5730fbdf787..c1cc13bbde5 100644 --- a/2019/0xxx/CVE-2019-0379.json 
+++ b/2019/0xxx/CVE-2019-0379.json @@ -1,17 +1,71 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0379", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0379", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Process Integration (AS2 Adapter)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.0" + }, + { + "version_name": "<", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is able to consistently bypass the authenticity check by crafting ad-hoc public certificates based on arbitrary key-pairs leading to Missing Authentication Check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authentication Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2826015", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2826015" } ] } diff --git a/2019/0xxx/CVE-2019-0380.json b/2019/0xxx/CVE-2019-0380.json index 4cd2a326c18..c9b33639953 100644 --- a/2019/0xxx/CVE-2019-0380.json 
+++ b/2019/0xxx/CVE-2019-0380.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0380", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0380", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Landscape Management enterprise edition", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters\u2019 default values to be part of the application logs leading to Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2828682", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2828682" } ] } diff --git a/2019/0xxx/CVE-2019-0381.json b/2019/0xxx/CVE-2019-0381.json index 05ec7fab911..6f2a79e661f 100644 --- a/2019/0xxx/CVE-2019-0381.json +++ b/2019/0xxx/CVE-2019-0381.json 
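Review bot: The problemtype string in CVE-2019-0380.json carries a leading space, `"value": " Information Disclosure"`, so any exact-match grouping, deduplication or CWE mapping keyed on this field will treat it as a different problem type from `Information Disclosure`. The line should read `"value": "Information Disclosure"`.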
@@ -1,17 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0381", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0381", + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP IQ", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "16.1" + } + ] + } + }, + { + "product_name": "SAP SQL Anywhere", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "17.0" + } + ] + } + }, + { + "product_name": "SAP Dynamic Tiering", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.0" + }, + { + "version_name": "<", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2792430", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2792430" } ] } diff --git a/2019/10xxx/CVE-2019-10757.json b/2019/10xxx/CVE-2019-10757.json index b9d85055d07..294a9490153 100644 --- a/2019/10xxx/CVE-2019-10757.json +++ b/2019/10xxx/CVE-2019-10757.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "knex.js", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 0.19.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://snyk.io/vuln/SNYK-JS-KNEX-471962", + "url": "https://snyk.io/vuln/SNYK-JS-KNEX-471962" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB." } ] } diff --git a/2019/3xxx/CVE-2019-3980.json b/2019/3xxx/CVE-2019-3980.json index 845c2429159..0293a9cb59f 100644 --- a/2019/3xxx/CVE-2019-3980.json +++ b/2019/3xxx/CVE-2019-3980.json 
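Review bot: `"vendor_name": "n/a"` together with the free-text `"version_value": "All versions prior to version 0.19.5"` in CVE-2019-10757.json leaves an automated matcher nothing structured to compare an installed knex.js version against. I would name the vendor or project and encode the bound as data, e.g. `"version_affected": "<", "version_value": "0.19.5"` (assuming the consuming schema accepts that field). The hunk begins at line 4 of the file, so the record's opening lines are outside it. CVE-2019-3980.json also uses `"vendor_name": "n/a"`, even though its `product_name` begins with the vendor's name.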
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3980", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3980", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SolarWinds Dameware Remote Mini Remote Client Agent Service", + "version": { + "version_data": [ + { + "version_value": "Versions up to and including 12.1.0.89" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Remote Code Execution." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-227-43", + "url": "https://www.tenable.com/security/research/tra-227-43" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account." } ] }
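Review bot: The product is named two ways in CVE-2019-3980.json: `"product_name": "SolarWinds Dameware Remote Mini Remote Client Agent Service"` in `affects`, and "Solarwinds Dameware Mini Remote Client agent" in the description. The extra "Remote" looks like a slip, though the vendor's exact product name is not visible here. The affected range differs as well: `affects` says "Versions up to and including 12.1.0.89" while the description names only v12.1.0.89. Since the record describes unauthenticated upload and execution under the Local System account, defenders matching asset inventory against it need one consistent name and range in both places.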