"-Synchronized-Data."

2025-05-06 10:41:46 +00:00 · 2024-09-28 22:00:32 +00:00 · 2024-09-28 22:00:32 +00:00 · 0f20b9a903
commit 0f20b9a903
parent 740abce909
5 changed files with 22 additions and 13 deletions
--- a/2023/31xxx/CVE-2023-31403.json
+++ b/2023/31xxx/CVE-2023-31403.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.\n\n"
+                "value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-284: Improper Access Control",
-                        "cweId": "CWE-284"
+                        "value": "CWE-863: Incorrect Authorization",
+                        "cweId": "CWE-863"
                    }
                ]
            }
--- a/2023/32xxx/CVE-2023-32114.json
+++ b/2023/32xxx/CVE-2023-32114.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.\n\n"
+                "value": "SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-400: Uncontrolled Resource Consumption",
-                        "cweId": "CWE-400"
+                        "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+                        "cweId": "CWE-732"
                    }
                ]
            }
--- a/2023/33xxx/CVE-2023-33990.json
+++ b/2023/33xxx/CVE-2023-33990.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "SAP SQL Anywhere\u00a0- version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.\n\n"
+                "value": "SAP SQL Anywhere\u00a0- version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted."
            }
        ]
    },
@ -25,6 +25,15 @@
                        "cweId": "CWE-732"
                    }
                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-277: Insecure Inherited Permissions",
+                        "cweId": "CWE-277"
+                    }
+                ]
            }
        ]
    },
--- a/2023/35xxx/CVE-2023-35870.json
+++ b/2023/35xxx/CVE-2023-35870.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.\n\n"
+                "value": "When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-284: Improper Access Control",
-                        "cweId": "CWE-284"
+                        "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+                        "cweId": "CWE-732"
                    }
                ]
            }
--- a/2023/35xxx/CVE-2023-35874.json
+++ b/2023/35xxx/CVE-2023-35874.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.\n\n"
+                "value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-287: Improper Authentication",
-                        "cweId": "CWE-287"
+                        "value": "CWE-306: Missing Authentication for Critical Function",
+                        "cweId": "CWE-306"
                    }
                ]
            }