From 1b0f1789100e468c0e8d6ad5a81b80149c8a1bba Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 22 Jan 2019 11:13:43 -0500 Subject: [PATCH] - Added submission from Brocade from 2019-01-09. --- 2018/6xxx/CVE-2018-6443.json | 48 +++++++++++++++++++++++++++++++++--- 2018/6xxx/CVE-2018-6444.json | 48 +++++++++++++++++++++++++++++++++--- 2018/6xxx/CVE-2018-6445.json | 48 +++++++++++++++++++++++++++++++++--- 3 files changed, 135 insertions(+), 9 deletions(-) diff --git a/2018/6xxx/CVE-2018-6443.json b/2018/6xxx/CVE-2018-6443.json index 70c85f1151c..da3e590170c 100644 --- a/2018/6xxx/CVE-2018-6443.json +++ b/2018/6xxx/CVE-2018-6443.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "sirt@brocade.com", "ID" : "CVE-2018-6443", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Brocade Network Advisor", + "version" : { + "version_data" : [ + { + "version_value" : "All versions prior to version 14.3.1" + } + ] + } + } + ] + }, + "vendor_name" : "Brocade Communications Systems, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743" } ] } diff --git a/2018/6xxx/CVE-2018-6444.json b/2018/6xxx/CVE-2018-6444.json index a011bd30786..28d71d3b38b 100644 --- a/2018/6xxx/CVE-2018-6444.json +++ b/2018/6xxx/CVE-2018-6444.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "sirt@brocade.com", "ID" : "CVE-2018-6444", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Brocade Network Advisor", + "version" : { + "version_data" : [ + { + "version_value" : "All versions prior to version 14.1.0" + } + ] + } + } + ] + }, + "vendor_name" : "Brocade Communications Systems, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote Code Execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-744" } ] } diff --git a/2018/6xxx/CVE-2018-6445.json b/2018/6xxx/CVE-2018-6445.json index aafcc2d8e56..da0d8aff4b4 100644 --- a/2018/6xxx/CVE-2018-6445.json +++ b/2018/6xxx/CVE-2018-6445.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "sirt@brocade.com", "ID" : "CVE-2018-6445", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Brocade Network Advisor", + "version" : { + "version_data" : [ + { + "version_value" : "All versions prior to version 14.0.3" + } + ] + } + } + ] + }, + "vendor_name" : "Brocade Communications Systems, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-745" } ] }