Correction for CVE-2019-3794

2025-06-12 02:05:39 +00:00 · 2019-07-17 10:59:50 -04:00 · 2019-07-17 10:59:50 -04:00 · 1eedd8c7c0
commit 1eedd8c7c0
parent e0ad656574
1 changed files with 1 additions and 85 deletions
--- a/2019/3xxx/CVE-2019-3794.json
+++ b/2019/3xxx/CVE-2019-3794.json
@ -1,85 +1 @@
-{
-  "data_type": "CVE",
-  "data_format": "MITRE",
-  "data_version": "4.0",
-  "CVE_data_meta": {
-    "ASSIGNER": "secure@dell.com",
-    "DATE_PUBLIC": "2019-07-09T23:28:30.000Z",
-    "ID": "CVE-2019-3794",
-    "STATE": "PUBLIC",
-    "TITLE": "UAA - Login app subject to clickjacking attack"
-  },
-  "source": {
-    "discovery": "UNKNOWN"
-  },
-  "affects": {
-    "vendor": {
-      "vendor_data": [
-        {
-          "product": {
-            "product_data": [
-              {
-                "product_name": "UAA Release (OSS)",
-                "version": {
-                  "version_data": [
-                    {
-                      "affected": "<",
-                      "version_name": "All",
-                      "version_value": "v73.4.0"
-                    }
-                  ]
-                }
-              }
-            ]
-          },
-          "vendor_name": "Cloud Foundry"
-        }
-      ]
-    }
-  },
-  "description": {
-    "description_data": [
-      {
-        "lang": "eng",
-        "value": "Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. "
-      }
-    ]
-  },
-  "problemtype": {
-    "problemtype_data": [
-      {
-        "description": [
-          {
-            "lang": "eng",
-            "value": null
-          }
-        ]
-      }
-    ]
-  },
-  "references": {
-    "reference_data": [
-      {
-        "refsource": "CONFIRM",
-        "url": "https://www.cloudfoundry.org/blog/cve-2019-3794",
-        "name": "https://www.cloudfoundry.org/blog/cve-2019-3794"
-      }
-    ]
-  },
-  "impact": {
-    "cvss": {
-      "attackComplexity": "LOW",
-      "attackVector": "NETWORK",
-      "availabilityImpact": "NONE",
-      "baseScore": 6.5,
-      "baseSeverity": "MEDIUM",
-      "confidentialityImpact": "HIGH",
-      "integrityImpact": "NONE",
-      "privilegesRequired": "NONE",
-      "scope": "UNCHANGED",
-      "userInteraction": "REQUIRED",
-      "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
-      "version": "3.0"
-    }
-  }
-}
+{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-07-09T00:00:00.000Z","ID":"CVE-2019-3794","STATE":"PUBLIC","TITLE":"UAA - Login app subject to clickjacking attack"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"UAA Release (OSS)","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v73.4.0"}]}}]},"vendor_name":"Cloud Foundry"}]}},"description":{"description_data":[{"lang":"eng","value":"Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284: Improper Access Control - Generic"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://www.cloudfoundry.org/blog/cve-2019-3794","name":"https://www.cloudfoundry.org/blog/cve-2019-3794"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.0"}}}