From 1678b917290964e878f7f039d59eafb3f3bfdb19 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 15 Apr 2024 15:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/6xxx/CVE-2023-6536.json | 5 ++ 2024/21xxx/CVE-2024-21490.json | 5 ++ 2024/21xxx/CVE-2024-21610.json | 6 +- 2024/31xxx/CVE-2024-31080.json | 5 ++ 2024/31xxx/CVE-2024-31081.json | 5 ++ 2024/31xxx/CVE-2024-31083.json | 5 ++ 2024/3xxx/CVE-2024-3781.json | 97 ++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3782.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3783.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3784.json | 104 ++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3785.json | 104 ++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3786.json | 104 ++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3787.json | 104 ++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3788.json | 104 ++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3789.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3790.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3791.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3792.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3793.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3794.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3795.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3796.json | 105 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3817.json | 18 ++++++ 2024/3xxx/CVE-2024-3818.json | 18 ++++++ 2024/3xxx/CVE-2024-3819.json | 18 ++++++ 2024/3xxx/CVE-2024-3820.json | 18 ++++++ 2024/3xxx/CVE-2024-3821.json | 18 ++++++ 2024/3xxx/CVE-2024-3822.json | 18 ++++++ 2024/3xxx/CVE-2024-3823.json | 18 ++++++ 2024/3xxx/CVE-2024-3824.json | 18 ++++++ 2024/3xxx/CVE-2024-3825.json | 18 ++++++ 2024/3xxx/CVE-2024-3826.json | 18 ++++++ 32 files changed, 1811 insertions(+), 67 deletions(-) create mode 100644 2024/3xxx/CVE-2024-3817.json create mode 100644 2024/3xxx/CVE-2024-3818.json create mode 100644 2024/3xxx/CVE-2024-3819.json create mode 100644 2024/3xxx/CVE-2024-3820.json create mode 100644 2024/3xxx/CVE-2024-3821.json create mode 100644 2024/3xxx/CVE-2024-3822.json create mode 100644 2024/3xxx/CVE-2024-3823.json create mode 100644 2024/3xxx/CVE-2024-3824.json create mode 100644 2024/3xxx/CVE-2024-3825.json create mode 100644 2024/3xxx/CVE-2024-3826.json diff --git a/2023/6xxx/CVE-2023-6536.json b/2023/6xxx/CVE-2023-6536.json index ae5a87fb173..08af56ec2ad 100644 --- a/2023/6xxx/CVE-2023-6536.json +++ b/2023/6xxx/CVE-2023-6536.json @@ -307,6 +307,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240415-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20240415-0001/" } ] }, diff --git a/2024/21xxx/CVE-2024-21490.json b/2024/21xxx/CVE-2024-21490.json index 341414259e1..2224c802502 100644 --- a/2024/21xxx/CVE-2024-21490.json +++ b/2024/21xxx/CVE-2024-21490.json @@ -98,6 +98,11 @@ "url": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos", "refsource": "MISC", "name": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos" + }, + { + "url": "https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS", + "refsource": "MISC", + "name": "https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS" } ] }, diff --git a/2024/21xxx/CVE-2024-21610.json b/2024/21xxx/CVE-2024-21610.json index cecb1d4cf59..fd6637fe374 100644 --- a/2024/21xxx/CVE-2024-21610.json +++ b/2024/21xxx/CVE-2024-21610.json @@ -163,14 +163,14 @@ "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", - "baseScore": 5.3, + "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } ] diff --git a/2024/31xxx/CVE-2024-31080.json b/2024/31xxx/CVE-2024-31080.json index 53b14b48df1..04fd8573d81 100644 --- a/2024/31xxx/CVE-2024-31080.json +++ b/2024/31xxx/CVE-2024-31080.json @@ -228,6 +228,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271997", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2271997" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html" } ] }, diff --git a/2024/31xxx/CVE-2024-31081.json b/2024/31xxx/CVE-2024-31081.json index 0b54e6056a0..1c67f0e3f8f 100644 --- a/2024/31xxx/CVE-2024-31081.json +++ b/2024/31xxx/CVE-2024-31081.json @@ -228,6 +228,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271998", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2271998" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html" } ] }, diff --git a/2024/31xxx/CVE-2024-31083.json b/2024/31xxx/CVE-2024-31083.json index e405f1e94eb..62f08596eb2 100644 --- a/2024/31xxx/CVE-2024-31083.json +++ b/2024/31xxx/CVE-2024-31083.json @@ -228,6 +228,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272000", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2272000" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html" } ] }, diff --git a/2024/3xxx/CVE-2024-3781.json b/2024/3xxx/CVE-2024-3781.json index d33e04979f8..c3fd477562c 100644 --- a/2024/3xxx/CVE-2024-3781.json +++ b/2024/3xxx/CVE-2024-3781.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Sergio Gonz\u00e1lez Gonz\u00e1lez" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3782.json b/2024/3xxx/CVE-2024-3782.json index b936a03c133..59cf1369aa3 100644 --- a/2024/3xxx/CVE-2024-3782.json +++ b/2024/3xxx/CVE-2024-3782.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3782", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3783.json b/2024/3xxx/CVE-2024-3783.json index 6a672ad5ecb..f085d9079eb 100644 --- a/2024/3xxx/CVE-2024-3783.json +++ b/2024/3xxx/CVE-2024-3783.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3783", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3784.json b/2024/3xxx/CVE-2024-3784.json index caef6263b65..70bd2b14c70 100644 --- a/2024/3xxx/CVE-2024-3784.json +++ b/2024/3xxx/CVE-2024-3784.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3785.json b/2024/3xxx/CVE-2024-3785.json index fc3c67f4fb8..05ff921d8cb 100644 --- a/2024/3xxx/CVE-2024-3785.json +++ b/2024/3xxx/CVE-2024-3785.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3786.json b/2024/3xxx/CVE-2024-3786.json index cefe620756b..a4c37e98c78 100644 --- a/2024/3xxx/CVE-2024-3786.json +++ b/2024/3xxx/CVE-2024-3786.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3787.json b/2024/3xxx/CVE-2024-3787.json index 648f574d111..264893919e8 100644 --- a/2024/3xxx/CVE-2024-3787.json +++ b/2024/3xxx/CVE-2024-3787.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3788.json b/2024/3xxx/CVE-2024-3788.json index ab8381401de..d805ff86a39 100644 --- a/2024/3xxx/CVE-2024-3788.json +++ b/2024/3xxx/CVE-2024-3788.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3789.json b/2024/3xxx/CVE-2024-3789.json index 18f4a2cd72e..3e4fe2aa491 100644 --- a/2024/3xxx/CVE-2024-3789.json +++ b/2024/3xxx/CVE-2024-3789.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3790.json b/2024/3xxx/CVE-2024-3790.json index 95914463acb..f491ee31e05 100644 --- a/2024/3xxx/CVE-2024-3790.json +++ b/2024/3xxx/CVE-2024-3790.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3791.json b/2024/3xxx/CVE-2024-3791.json index 48e962335df..661fbfaa789 100644 --- a/2024/3xxx/CVE-2024-3791.json +++ b/2024/3xxx/CVE-2024-3791.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3792.json b/2024/3xxx/CVE-2024-3792.json index d177eaafff5..6250f06855c 100644 --- a/2024/3xxx/CVE-2024-3792.json +++ b/2024/3xxx/CVE-2024-3792.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3793.json b/2024/3xxx/CVE-2024-3793.json index 4c490ba68ff..16ad533c774 100644 --- a/2024/3xxx/CVE-2024-3793.json +++ b/2024/3xxx/CVE-2024-3793.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3794.json b/2024/3xxx/CVE-2024-3794.json index b409f84ad97..71fc392434f 100644 --- a/2024/3xxx/CVE-2024-3794.json +++ b/2024/3xxx/CVE-2024-3794.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3795.json b/2024/3xxx/CVE-2024-3795.json index 9fb6fd372d3..5845fda4599 100644 --- a/2024/3xxx/CVE-2024-3795.json +++ b/2024/3xxx/CVE-2024-3795.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3796.json b/2024/3xxx/CVE-2024-3796.json index 9840349cab2..612b374c263 100644 --- a/2024/3xxx/CVE-2024-3796.json +++ b/2024/3xxx/CVE-2024-3796.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WBSAirback", + "product": { + "product_data": [ + { + "product_name": "White Bear Solutions", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "21.02.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "value": "The vulnerability has been fixed by the White Bear Solutions team in version 21.05.00." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alejandro Amor\u00edn Ni\u00f1o" + }, + { + "lang": "en", + "value": "Guillermo Tuvilla G\u00f3mez" + }, + { + "lang": "en", + "value": "Sergio Rom\u00e1n Hurtado" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3817.json b/2024/3xxx/CVE-2024-3817.json new file mode 100644 index 00000000000..e3dff3d7468 --- /dev/null +++ b/2024/3xxx/CVE-2024-3817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3818.json b/2024/3xxx/CVE-2024-3818.json new file mode 100644 index 00000000000..e9f708f02cd --- /dev/null +++ b/2024/3xxx/CVE-2024-3818.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3818", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3819.json b/2024/3xxx/CVE-2024-3819.json new file mode 100644 index 00000000000..031a447e8f2 --- /dev/null +++ b/2024/3xxx/CVE-2024-3819.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3819", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3820.json b/2024/3xxx/CVE-2024-3820.json new file mode 100644 index 00000000000..9cecf99d478 --- /dev/null +++ b/2024/3xxx/CVE-2024-3820.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3820", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3821.json b/2024/3xxx/CVE-2024-3821.json new file mode 100644 index 00000000000..8d51a41222c --- /dev/null +++ b/2024/3xxx/CVE-2024-3821.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3821", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3822.json b/2024/3xxx/CVE-2024-3822.json new file mode 100644 index 00000000000..8538818ea9d --- /dev/null +++ b/2024/3xxx/CVE-2024-3822.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3822", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3823.json b/2024/3xxx/CVE-2024-3823.json new file mode 100644 index 00000000000..f6124f8ad4d --- /dev/null +++ b/2024/3xxx/CVE-2024-3823.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3823", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3824.json b/2024/3xxx/CVE-2024-3824.json new file mode 100644 index 00000000000..8dbae3c4de7 --- /dev/null +++ b/2024/3xxx/CVE-2024-3824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3825.json b/2024/3xxx/CVE-2024-3825.json new file mode 100644 index 00000000000..48368afc219 --- /dev/null +++ b/2024/3xxx/CVE-2024-3825.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3825", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3826.json b/2024/3xxx/CVE-2024-3826.json new file mode 100644 index 00000000000..f918474409b --- /dev/null +++ b/2024/3xxx/CVE-2024-3826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file