"-Synchronized-Data."

CVE Team 2023-04-11 04:00:34 +00:00
parent b29d41dd15
commit 1a2d72cf9f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
47 changed files with 970 additions and 149 deletions


@ -40,12 +40,12 @@
"version": {
"version_data": [
{
"version_value": "master-branch-9aeece7a",
"version_affected": "="
"version_affected": "=",
"version_value": "master-branch-9aeece7a"
},
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -62,6 +62,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,12 +40,12 @@
"version": {
"version_data": [
{
"version_value": "master-branch-9aeece7a",
"version_affected": "="
"version_affected": "=",
"version_value": "master-branch-9aeece7a"
},
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -62,6 +62,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "master-branch-9aeece7a",
"version_affected": "="
"version_affected": "=",
"version_value": "master-branch-9aeece7a"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,12 +40,12 @@
"version": {
"version_data": [
{
"version_value": "master-branch-9aeece7a",
"version_affected": "="
"version_affected": "=",
"version_value": "master-branch-9aeece7a"
},
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -62,6 +62,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,12 +40,12 @@
"version": {
"version_data": [
{
"version_value": "master-branch-9aeece7a",
"version_affected": "="
"version_affected": "=",
"version_value": "master-branch-9aeece7a"
},
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -62,6 +62,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,12 +40,12 @@
"version": {
"version_data": [
{
"version_value": "v2.3.19.0",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.3.19.0"
},
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -62,6 +62,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "v2.4.4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "v2.4.4.2"
}
]
}
@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
}
]
},


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges."
"value": "SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -54,15 +54,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3288480",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3288480"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
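Review bot: The new description `value` in the `@ -11,7` hunk now ends in a literal `\n\n`, so the record carries trailing whitespace that every consumer comparing, hashing or rendering descriptions has to strip; the string should end at `resulting in escalation of privileges.` with no newline escapes. The same trailing `\n\n` is added in the description hunks of the SAP records that follow (the ones referencing notes 3294595, 3275727, 3302162, 3294954, 3296476, 3287120 and 3302710) and in the newly published CVE-2023-29110 entry, and two of those also gain a `\u00a0` non-breaking space in mid-sentence. The stray punctuation in `availability., resulting` is carried over unchanged and could be cleaned up in the same pass.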


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable."
"value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. \u00a0In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -106,15 +106,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3294595",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3294595"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable"
"value": "SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -54,15 +54,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3275727",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3275727"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable."
"value": "An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -102,15 +102,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3302162",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3302162"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity"
"value": "SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -106,15 +106,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3294954",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3294954"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable."
"value": "An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform.\u00a0 Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -62,15 +62,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3296476",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3296476"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
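Review bot: The version list in the description of the `@ -11,7` hunk reads `2088_1_700, 2008_1_710, 740`, and the first entry looks like a transposition of `2008_1_700`; it is carried unchanged onto the new side. The `version_data` array of this record lies outside the visible hunks, so whether the structured field holds the same value cannot be checked from here. Confirm both against SAP note 3296476, because scanners and inventory tooling match affected versions on these exact strings and a wrong digit turns into a missed finding.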


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data."
"value": "SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -58,15 +58,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3287120",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3287120"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data."
"value": "SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -54,15 +54,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3302710",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3302710"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability."
"value": "In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{
@ -58,15 +58,15 @@
},
"references": {
"reference_data": [
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3287120",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3287120"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -97,6 +97,21 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213720",
"name": "https://support.apple.com/en-us/HT213720"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-3 Safari 16.4.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/3"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-1 iOS 16.4.1 and iPadOS 16.4.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/1"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/2"
}
]
},
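Review bot: The three added FULLDISC references use `http://seclists.org/fulldisclosure/2023/Apr/...` while the existing reference in the same hunk is `https`; prefer the `https://seclists.org/...` form so that people and tools following the advisory link do not fetch it over cleartext. The next file section adds two of the same entries (`Apr/1` and `Apr/2`) with the same scheme. The `reference_data` array starts above the hunk, so earlier entries could not be checked for the same pattern.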


@ -113,6 +113,16 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213724",
"name": "https://support.apple.com/en-us/HT213724"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-1 iOS 16.4.1 and iPadOS 16.4.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/1"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/2"
}
]
},


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"vendor_name": "SAP",
"product": {
"product_data": [
{


@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP Application Interface Framework (Message Dashboard)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "AIF 703"
},
{
"version_affected": "=",
"version_value": "AIFX 702"
},
{
"version_affected": "=",
"version_value": "S4CORE 100"
},
{
"version_affected": "=",
"version_value": "S4CORE 101"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 755"
},
{
"version_affected": "=",
"version_value": "SAP_BASIS 756"
},
{
"version_affected": "=",
"version_value": "SAP_ABA 75C"
},
{
"version_affected": "=",
"version_value": "SAP_ABA 75D"
},
{
"version_affected": "=",
"version_value": "SAP_ABA 75E"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3113349",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3113349"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
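Review bot: The published description names the product `SAP Application Interface (Message Dashboard)` while `product_name` under `affects` is `SAP Application Interface Framework (Message Dashboard)`; one of the two is presumably abbreviated, and keyword matching on the description will miss the framework name. The two should agree, most likely on the `product_name` spelling. The description also reads `application allows the usage HTML tags`, which is missing a word (`usage of HTML tags`), and `"discovery": "UNKNOWN"` leaves the source unstated for a record its CNA is publishing. The record's closing brace is not visible in this section.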


@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP Application Interface Framework (ODATA service)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "755"
},
{
"version_affected": "=",
"version_value": "756"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3117978",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3117978"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
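Review bot: The `version_value` entries in this record are bare release numbers (`"755"`, `"756"`) with no software component, so a consumer matching the record against an inventory cannot tell which component those releases belong to. The Message Dashboard record above in this commit qualifies its values (`"SAP_BASIS 755"`), while the CVE-2023-29112, CVE-2023-29185 and CVE-2023-29186 records below use the same bare form. I would carry the component in each value, e.g. `"version_value": "<COMPONENT> 755"`, taking the name from the referenced SAP note rather than inferring it. Until then, triage should key on the SAP note number in `references` rather than on the version list.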


@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP Application Interface Framework (Message Monitoring)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "600"
},
{
"version_affected": "=",
"version_value": "700"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3114489",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3114489"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for ABAP (Business Server Pages)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "700"
},
{
"version_affected": "=",
"version_value": "701"
},
{
"version_affected": "=",
"version_value": "702"
},
{
"version_affected": "=",
"version_value": "731"
},
{
"version_affected": "=",
"version_value": "740"
},
{
"version_affected": "=",
"version_value": "750"
},
{
"version_affected": "=",
"version_value": "751"
},
{
"version_affected": "=",
"version_value": "752"
},
{
"version_affected": "=",
"version_value": "753"
},
{
"version_affected": "=",
"version_value": "754"
},
{
"version_affected": "=",
"version_value": "755"
},
{
"version_affected": "=",
"version_value": "756"
},
{
"version_affected": "=",
"version_value": "757"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3303060",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3303060"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to\u00a0upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (BI CONT ADDON)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "707"
},
{
"version_affected": "=",
"version_value": "737"
},
{
"version_affected": "=",
"version_value": "747"
},
{
"version_affected": "=",
"version_value": "757"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3305907",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3305907"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
]
}
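Review bot: The new description leaves the privilege requirement ambiguous. Its first sentence says "an attacker" can upload and overwrite files, and administrative privileges are only mentioned for overwriting critical OS files, while the `cvss` entry scores the whole issue as `PR:H`. A reader cannot tell from this text whether a lower-privileged account can still overwrite non-critical files, so the description should state the required authorization up front or the vector should be re-checked against the SAP note. Separately, the string carries an escaped non-breaking space (`to\u00a0upload`), which breaks exact-phrase search over descriptions and should be a plain space.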


@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29187",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SapSetup (Software Installation Program)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3311624",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3311624"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29189",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP",
"product": {
"product_data": [
{
"product_name": "SAP CRM (WebClient UI)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "S4FND 102"
},
{
"version_affected": "=",
"version_value": "S4FND 103"
},
{
"version_affected": "=",
"version_value": "S4FND 104"
},
{
"version_affected": "=",
"version_value": "S4FND 105"
},
{
"version_affected": "=",
"version_value": "S4FND 106"
},
{
"version_affected": "=",
"version_value": "S4FND 107"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 700"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 701"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 731"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 730"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 746"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 747"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 748"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 800"
},
{
"version_affected": "=",
"version_value": "WEBCUIF 801"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3269352",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3269352"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
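Review bot: The `problemtype` entry does not match the weakness the description reports. The description is about an authenticated user changing the HTTP verb of a request and thereby exposing form fields, yet the record is tagged `"cweId": "CWE-23"` (Relative Path Traversal), and nothing in the text involves file paths. Anyone filtering or prioritising by CWE will misfile this record; a method-handling weakness such as CWE-650 (Trusting HTTP Permission Methods on the Server Side) looks closer, to be confirmed with the CNA. The description also names only an exposure of form fields while the vector scores `I:L`, and its version list reads `WEBCUIF, 700` where `version_data` has `WEBCUIF 700`, so the stray comma should go.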