Added CVE-2018-15771,15772,15795

2025-07-29 05:56:59 +00:00 · 2018-11-12 15:57:42 -05:00 · 2018-11-12 15:57:42 -05:00 · 25163a18e3
commit 25163a18e3
parent 9991b4c9c4
3 changed files with 222 additions and 36 deletions
--- a/2018/15xxx/CVE-2018-15771.json
+++ b/2018/15xxx/CVE-2018-15771.json
@ -1,18 +1,78 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15771",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "secure@dell.com",
+      "DATE_PUBLIC": "2018-11-09T05:00:00.000Z",
+      "ID": "CVE-2018-15771",
+      "STATE": "PUBLIC",
+      "TITLE": "Dell EMC RecoverPoint Information Disclosure Vulnerability"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Dell EMC RecoverPoint",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "5.1.2.1"
+                              }
+                           ]
+                        }
+                     },
+                     {
+                        "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "5.2.0.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Dell EMC"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "information disclosure vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "FULLDISC",
+            "url": "https://seclists.org/fulldisclosure/2018/Nov/34"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}
--- a/2018/15xxx/CVE-2018-15772.json
+++ b/2018/15xxx/CVE-2018-15772.json
@ -1,18 +1,78 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15772",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "secure@dell.com",
+      "DATE_PUBLIC": "2018-11-09T05:00:00.000Z",
+      "ID": "CVE-2018-15772",
+      "STATE": "PUBLIC",
+      "TITLE": "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Dell EMC RecoverPoint",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "5.1.2.1"
+                              }
+                           ]
+                        }
+                     },
+                     {
+                        "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "5.2.0.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Dell EMC"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "uncontrolled resource consumption vulnerability"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "FULLDISC",
+            "url": "https://seclists.org/fulldisclosure/2018/Nov/34"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}
--- a/2018/15xxx/CVE-2018-15795.json
+++ b/2018/15xxx/CVE-2018-15795.json
@ -1,18 +1,84 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-15795",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "secure@dell.com",
+      "DATE_PUBLIC": "2018-11-09T08:00:00.000Z",
+      "ID": "CVE-2018-15795",
+      "STATE": "PUBLIC",
+      "TITLE": "CredHub Service Broker uses guessable client secret"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "CredHub Service Broker",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_name": "all versions",
+                                 "version_value": "1.1.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Pivotal Cloud Foundry"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "ADJACENT_NETWORK",
+         "availabilityImpact": "NONE",
+         "baseScore": 8.1,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "HIGH",
+         "scope": "CHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Predictability problems"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "refsource": "CONFIRM",
+            "url": "https://pivotal.io/security/cve-2018-15795"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}