"-Synchronized-Data."

CVE Team 2025-04-21 10:00:35 +00:00
parent 1f57b9b127
commit 1f7c714253
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 341 additions and 5 deletions


@ -1,18 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Security@saviynt.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Saviynt",
"product": {
"product_data": [
{
"product_name": "OVA based Connect",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://saviynt.com/trust-compliance-security",
"refsource": "MISC",
"name": "https://saviynt.com/trust-compliance-security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: transparent;\">Follow this documentation </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm\"><span style=\"background-color: transparent;\">link</span></a><span style=\"background-color: transparent;\">&nbsp;and migrate to the latest version of Saviynt Connect component</span><br>"
}
],
"value": "Follow this documentation link https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm \u00a0and migrate to the latest version of Saviynt Connect component"
}
],
"credits": [
{
"lang": "en",
"value": "Achmea Security Assessment Team (SAT)"
}
]
}
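Review bot: The published record for CVE-2025-3837 describes remote code execution but has no `impact` block with the vendor's CVSS vector, and its only `reference_data` entry is the generic trust page rather than an advisory for this issue. Consumers therefore cannot score or triage it from the record alone; the same gap appears in the CVE-2025-3838 and CVE-2025-3840 sections. Separately, `"discovery": "UNKNOWN"` sits next to a `credits` entry naming an outside assessment team, so `"discovery": "EXTERNAL"` looks like the intended value in all three records, assuming that team is the reporter.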


@ -0,0 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-3838",
"ASSIGNER": "Security@saviynt.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Saviynt",
"product": {
"product_data": [
{
"product_name": "OVA based Connect",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://saviynt.com/trust-compliance-security",
"refsource": "MISC",
"name": "https://saviynt.com/trust-compliance-security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: transparent;\">Follow this documentation </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm\"><span style=\"background-color: transparent;\">link</span></a><span style=\"background-color: transparent;\">&nbsp;and migrate to the latest version of Saviynt Connect component</span><br>"
}
],
"value": "Follow this documentation link https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm \u00a0and migrate to the latest version of Saviynt Connect component"
}
],
"credits": [
{
"lang": "en",
"value": "Achmea Security Assessment Team (SAT)"
}
]
}
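Review bot: The second `problemtype_data` entry maps the description's "weakly hashed credentials" to CWE-327, which covers broken or risky cryptographic algorithms in general. If the weakness is the password hashing itself, `CWE-916` (Use of Password Hash With Insufficient Computational Effort) or `CWE-328` (Use of Weak Hash) would classify it more precisely; the description does not name the hash, so this is inferred from its wording. The `solution` text only says to migrate to the latest Saviynt Connect component; it would help defenders if it also stated whether installer credentials held in the local db should be rotated after migration.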


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-3840",
"ASSIGNER": "Security@saviynt.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Saviynt",
"product": {
"product_data": [
{
"product_name": "OVA based Connect",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "AlmaLinux-8.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "CentOS-7.x_SC2.0-Client-3.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-2.0"
},
{
"version_affected": "=",
"version_value": "RHEL-8.x_SC2.0-Client-3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://saviynt.com/trust-compliance-security",
"refsource": "MISC",
"name": "https://saviynt.com/trust-compliance-security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: transparent;\">Follow this documentation </span><span style=\"background-color: transparent;\"><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm\">link</a></span><span style=\"background-color: transparent;\">&nbsp;and migrate to the latest version of Saviynt Connect component</span><br>"
}
],
"value": "Follow this documentation link https://docs.saviyntcloud.com/bundle/Saviynt-Connect-20-Resources/page/Content/Saviynt-Connect-20-Client-Configurations.htm \u00a0and migrate to the latest version of Saviynt Connect component"
}
],
"credits": [
{
"lang": "en",
"value": "Achmea Security Assessment Team (SAT)"
}
]
}