admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-20 14:01:56 +00:00
parent 917ee7f1ac
commit 201a9da6d6
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 673 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/17xxx/CVE-2017-17087.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4582-1",
"url": "https://usn.ubuntu.com/4582-1/"
}
]
}

5
2019/20xxx/CVE-2019-20807.json
View File

@ -76,6 +76,11 @@
"refsource": "FULLDISC",
"name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"url": "http://seclists.org/fulldisclosure/2020/Jul/24"
},
{
"refsource": "UBUNTU",
"name": "USN-4582-1",
"url": "https://usn.ubuntu.com/4582-1/"
}
]
}

174
2020/4xxx/CVE-2020-4254.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "N",
"AV" : "N",
"SCORE" : "5.900",
"C" : "H",
"I" : "N",
"AC" : "H",
"PR" : "N",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6348664",
"url" : "https://www.ibm.com/support/pages/node/6348664",
"title" : "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560",
"name" : "ibm-guardium-cve20204253-info-disc (175560)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.0"
}
]
},
"product_name" : "Security Guardium Big Data Intelligence"
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-10-15T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4254"
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"A": "N",
"AV": "N",
"SCORE": "5.900",
"C": "H",
"I": "N",
"AC": "H",
"PR": "N",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6348664",
"url": "https://www.ibm.com/support/pages/node/6348664",
"title": "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560",
"name": "ibm-guardium-cve20204253-info-disc (175560)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
},
"product_name": "Security Guardium Big Data Intelligence"
}
]
}
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2020-10-15T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4254"
}
}

176
2020/4xxx/CVE-2020-4636.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "C",
"PR" : "H",
"AC" : "L",
"UI" : "N",
"I" : "L",
"AV" : "N",
"C" : "H",
"SCORE" : "8.200",
"A" : "L"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2020-10-15T00:00:00",
"ID" : "CVE-2020-4636",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "38.2"
}
]
},
"product_name" : "Resilient OnPrem"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"S": "C",
"PR": "H",
"AC": "L",
"UI": "N",
"I": "L",
"AV": "N",
"C": "H",
"SCORE": "8.200",
"A": "L"
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6348694 (Resilient OnPrem)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6348694",
"name" : "https://www.ibm.com/support/pages/node/6348694"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503",
"name" : "ibm-resilient-cve20204636-command-exec (185503)"
}
]
},
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2020-10-15T00:00:00",
"ID": "CVE-2020-4636",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "38.2"
}
]
},
"product_name": "Resilient OnPrem"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6348694 (Resilient OnPrem)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6348694",
"name": "https://www.ibm.com/support/pages/node/6348694"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503",
"name": "ibm-resilient-cve20204636-command-exec (185503)"
}
]
},
"data_format": "MITRE"
}

71
2020/6xxx/CVE-2020-6308.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (Web Services)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "410"
},
{
"version_name": "<",
"version_value": "420"
},
{
"version_name": "<",
"version_value": "430"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2943844",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2943844"
}
]
}

63
2020/6xxx/CVE-2020-6315.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.7",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}

63
2020/6xxx/CVE-2020-6362.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Banking Services",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "500"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2953212",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2953212"
}
]
}

79
2020/6xxx/CVE-2020-6366.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6366",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (Compare Systems)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2969457",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2969457"
}
]
}

79
2020/6xxx/CVE-2020-6367.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6367",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Composite Application Framework",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.2",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2972661",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2972661"
}
]
}

75
2020/6xxx/CVE-2020-6369.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9.7"
},
{
"version_name": "<",
"version_value": "10.1"
},
{
"version_name": "<",
"version_value": "10.5"
},
{
"version_name": "<",
"version_value": "10.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard Coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2971638",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2971638"
}
]
}

79
2020/6xxx/CVE-2020-6370.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6370",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (DI Design Time Repository)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2939419",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2939419"
}
]
}