diff --git a/2017/17xxx/CVE-2017-17087.json b/2017/17xxx/CVE-2017-17087.json
index 417b9f1369d..761bfcbb6a5 100644
--- a/2017/17xxx/CVE-2017-17087.json
+++ b/2017/17xxx/CVE-2017-17087.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190803 [SECURITY] [DLA 1871-1] vim security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4582-1",
+ "url": "https://usn.ubuntu.com/4582-1/"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20807.json b/2019/20xxx/CVE-2019-20807.json
index 618900075ac..6c00e9342ba 100644
--- a/2019/20xxx/CVE-2019-20807.json
+++ b/2019/20xxx/CVE-2019-20807.json
@@ -76,6 +76,11 @@
 "refsource": "FULLDISC",
 "name": "20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
 "url": "http://seclists.org/fulldisclosure/2020/Jul/24"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4582-1",
+ "url": "https://usn.ubuntu.com/4582-1/"
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4254.json b/2020/4xxx/CVE-2020-4254.json
index e8a6d206da7..31510ad6c69 100644
--- a/2020/4xxx/CVE-2020-4254.json
+++ b/2020/4xxx/CVE-2020-4254.json
@@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "A" : "N", - "AV" : "N", - "SCORE" : "5.900", - "C" : "H", - "I" : "N", - "AC" : "H", - "PR" : "N", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6348664", - "url" : "https://www.ibm.com/support/pages/node/6348664", - "title" : "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560", - "name" : "ibm-guardium-cve20204253-info-disc (175560)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - } - ] - }, - "product_name" : "Security Guardium Big Data Intelligence" - } - ] - } + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-15T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4254" - } -} + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than 
expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "A": "N", + "AV": "N", + "SCORE": "5.900", + "C": "H", + "I": "N", + "AC": "H", + "PR": "N", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6348664", + "url": "https://www.ibm.com/support/pages/node/6348664", + "title": "IBM Security Bulletin 6348664 (Security Guardium Big Data Intelligence)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175560", + "name": "ibm-guardium-cve20204253-info-disc (175560)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + }, + "product_name": "Security Guardium Big Data Intelligence" + } + ] + } + } + ] + } + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-15T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4254" + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4636.json b/2020/4xxx/CVE-2020-4636.json index fa4e631b9d8..512ec73198e 100644 --- a/2020/4xxx/CVE-2020-4636.json +++ b/2020/4xxx/CVE-2020-4636.json 
@@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "S" : "C", - "PR" : "H", - "AC" : "L", - "UI" : "N", - "I" : "L", - "AV" : "N", - "C" : "H", - "SCORE" : "8.200", - "A" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-10-15T00:00:00", - "ID" : "CVE-2020-4636", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "38.2" - } - ] - }, - "product_name" : "Resilient OnPrem" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "S": "C", + "PR": "H", + "AC": "L", + "UI": "N", + "I": "L", + "AV": "N", + "C": "H", + "SCORE": "8.200", + "A": "L" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6348694 (Resilient OnPrem)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6348694", - "name" : "https://www.ibm.com/support/pages/node/6348694" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503", - "name" : "ibm-resilient-cve20204636-command-exec (185503)" - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. 
IBM X-Force ID: 185503.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2020-10-15T00:00:00", + "ID": "CVE-2020-4636", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "38.2" + } + ] + }, + "product_name": "Resilient OnPrem" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6348694 (Resilient OnPrem)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6348694", + "name": "https://www.ibm.com/support/pages/node/6348694" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185503", + "name": "ibm-resilient-cve20204636-command-exec (185503)" + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6308.json b/2020/6xxx/CVE-2020-6308.json index f7f853f352d..964fb68e23f 100644 --- a/2020/6xxx/CVE-2020-6308.json +++ b/2020/6xxx/CVE-2020-6308.json 
@@ -4,14 +4,79 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6308",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Services)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "410"
+ },
+ {
+ "version_name": "<",
+ "version_value": "420"
+ },
+ {
+ "version_name": "<",
+ "version_value": "430"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-Side Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2943844",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2943844"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6315.json b/2020/6xxx/CVE-2020-6315.json
index fe069913ae0..163725fa05f 100644
--- a/2020/6xxx/CVE-2020-6315.json
+++ b/2020/6xxx/CVE-2020-6315.json
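Review bot: In the added `version_data` entries the comparison operator is stored in `version_name` (`"version_name": "<", "version_value": "410"`), which reads as "earlier than 410", while the description added in the same hunk names 410, 420 and 430 themselves as the affected versions. A consumer that derives affected ranges from these fields would mis-scope the record or fail to match it against an inventory. The CVE JSON 4.0 format has a separate `version_affected` field for the operator, so an entry such as `"version_affected": "=", "version_value": "410"` would agree with the description. The same pattern recurs in the hunks for CVE-2020-6315, CVE-2020-6362, CVE-2020-6366, CVE-2020-6367, CVE-2020-6369 and CVE-2020-6370; each hunk starts at line 4 of its record, so the top of the object is not visible here.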
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6315",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP 3D Visual Enterprise Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "5.7",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2973497",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2973497"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6362.json b/2020/6xxx/CVE-2020-6362.json
index 94cda950ccd..ea97a66a8d6 100644
--- a/2020/6xxx/CVE-2020-6362.json
+++ b/2020/6xxx/CVE-2020-6362.json
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6362",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Banking Services",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "500"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2953212",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2953212"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6366.json b/2020/6xxx/CVE-2020-6366.json
index 00934d475fc..c0f11404d0b 100644
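Review bot: The description value added for CVE-2020-6362 contains the run-together word `otherauthorization`; it should read `other authorization objects`. The same sentence says exploitation could lead to privilege escalation, yet the recorded `vectorString` rates only availability (`C:N/I:N/A:L`), so it is worth confirming with the CNA which of the two reflects the intended impact before the score is used for prioritisation. The record's object opens above the hunk, at lines 1 to 3 of the file.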
--- a/2020/6xxx/CVE-2020-6366.json
+++ b/2020/6xxx/CVE-2020-6366.json
@@ -4,14 +4,87 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6366",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP NetWeaver (Compare Systems)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.20"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.30"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.31"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.40"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.6",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing XML Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2969457",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2969457"
 }
 ]
 }
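Review bot: The added `version_data` for CVE-2020-6366 lists five releases (7.20, 7.30, 7.31, 7.40, 7.50), but the description added in the same hunk names only four and omits 7.31. One of the two is wrong, and anyone deciding from this record whether a 7.31 system needs the fix cannot tell which. The description and the structured list should be reconciled against the referenced SAP note; the neighbouring record for CVE-2020-6367 lists 7.31 in both places. The record's object opens above the hunk, at lines 1 to 3 of the file.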
diff --git a/2020/6xxx/CVE-2020-6367.json b/2020/6xxx/CVE-2020-6367.json
index 3f8e724ac5d..771879d2c13 100644
--- a/2020/6xxx/CVE-2020-6367.json
+++ b/2020/6xxx/CVE-2020-6367.json
@@ -4,14 +4,87 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6367",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP NetWeaver Composite Application Framework",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.20"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.30"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.31"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.40"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "8.2",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2972661",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2972661"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6369.json b/2020/6xxx/CVE-2020-6369.json
index 4d6e747c571..a58cd59c419 100644
--- a/2020/6xxx/CVE-2020-6369.json
+++ b/2020/6xxx/CVE-2020-6369.json
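Review bot: The `problemtype` value is free text, and it is spelled `Cross Site Scripting` here but `Cross-Site Scripting` in the hunk for CVE-2020-6370, so two records for the same weakness class do not group under an exact-match query. Using the CWE identifier in the value, for example `"value": "CWE-79"`, or at least one spelling across both records, would keep them consistent. The description also has `The end users browser`, which should read `The end user's browser`. The record's object opens above the hunk, at lines 1 to 3 of the file.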
@@ -4,14 +4,83 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6369",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9.7"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.1"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.5"
+ },
+ {
+ "version_name": "<",
+ "version_value": "10.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.5",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Hard Coded Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2971638",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2971638"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6370.json b/2020/6xxx/CVE-2020-6370.json
index 43911f60163..a0158b84d36 100644
--- a/2020/6xxx/CVE-2020-6370.json
+++ b/2020/6xxx/CVE-2020-6370.json
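Review bot: The `problemtype` value `Hard Coded Credentials` does not match the description added in the same hunk, which says the bypass works only `if the default passwords for Admin and Guest have not been changed by the administrator`. Changeable default credentials and hard-coded credentials call for different remediation (rotating the passwords versus applying a code fix), so the label should follow whichever the referenced SAP note actually describes. The description also needs small wording fixes: `an unauthenticated attackers` and the missing space in `administrator.This`. The record's object opens above the hunk, at lines 1 to 3 of the file.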
@@ -4,14 +4,87 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6370",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP NetWeaver (DI Design Time Repository)",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "7.11"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.30"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.31"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.40"
+ },
+ {
+ "version_name": "<",
+ "version_value": "7.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.8",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/2939419",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/2939419"
 }
 ]
 }