From a3b993908abb0768bf6a1498f51877e1928762fc Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Mon, 26 Apr 2021 11:28:56 -0700 Subject: [PATCH] Trend Micro submission 04262021 Trend Micro submission 04262021 --- 2021/28xxx/CVE-2021-28649.json | 79 ++++++++++++++++++++++++++-------- 2021/31xxx/CVE-2021-31519.json | 79 ++++++++++++++++++++++++++-------- 2 files changed, 124 insertions(+), 34 deletions(-) diff --git a/2021/28xxx/CVE-2021-28649.json b/2021/28xxx/CVE-2021-28649.json index 4a2e893ad0b..08db12879eb 100644 --- a/2021/28xxx/CVE-2021-28649.json +++ b/2021/28xxx/CVE-2021-28649.json @@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-28649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2021-28649", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro HouseCall for Home Networks", + "version" : { + "version_data" : [ + { + "version_value" : "5.3.1179 and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Incorrect Permission Assignment" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310" + }, + { + "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-474/" + } + ] + } +} diff --git a/2021/31xxx/CVE-2021-31519.json b/2021/31xxx/CVE-2021-31519.json index 1196ca5faf4..983a241fd9c 100644 --- a/2021/31xxx/CVE-2021-31519.json +++ b/2021/31xxx/CVE-2021-31519.json @@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2021-31519", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro HouseCall for Home Networks", + "version" : { + "version_data" : [ + { + "version_value" : "5.3.1179 and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Incorrect Permission Assignment" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310" + }, + { + "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-475/" + } + ] + } +}