diff --git a/2020/7xxx/CVE-2020-7037.json b/2020/7xxx/CVE-2020-7037.json index 0329501586e..e6a1b2f9f22 100644 --- a/2020/7xxx/CVE-2020-7037.json +++ b/2020/7xxx/CVE-2020-7037.json @@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-7037", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "DATE_PUBLIC": "2021-04-28T06:00:00.000Z", + "ID": "CVE-2020-7037", + "STATE": "PUBLIC", + "TITLE": "Avaya Equinox Conferencing XXE vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Avaya Meetings Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "9.x", + "version_value": "9.1.10" + } + ] + } + } + ] + }, + "vendor_name": "Avaya" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. \n" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.avaya.com/css/P8/documents/101075574", + "refsource": "CONFIRM", + "url": "https://support.avaya.com/css/P8/documents/101075574" + } + ] + }, + "source": { + "advisory": " ASA-2021-036" + } +} diff --git a/2020/7xxx/CVE-2020-7038.json b/2020/7xxx/CVE-2020-7038.json index a794aaf51bf..e3f35f27807 100644 --- a/2020/7xxx/CVE-2020-7038.json +++ b/2020/7xxx/CVE-2020-7038.json @@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-7038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "DATE_PUBLIC": "2021-04-28T06:00:00.000Z", + "ID": "CVE-2020-7038", + "STATE": "PUBLIC", + "TITLE": "Avaya Meetings Server Information Disclosure vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Avaya Meetings Management", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "3.x", + "version_value": "3.17" + } + ] + } + } + ] + }, + "vendor_name": "Avaya" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control\nCWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.avaya.com/css/P8/documents/101075574", + "refsource": "CONFIRM", + "url": "https://support.avaya.com/css/P8/documents/101075574" + } + ] + }, + "source": { + "advisory": " ASA-2021-036" + } +}