diff --git a/2022/30xxx/CVE-2022-30575.json b/2022/30xxx/CVE-2022-30575.json index 724c6b18f61..c90fd47ef29 100644 --- a/2022/30xxx/CVE-2022-30575.json +++ b/2022/30xxx/CVE-2022-30575.json @@ -1,18 +1,123 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-30575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2022-08-16T17:00:00Z", + "ID": "CVE-2022-30575", + "STATE": "PUBLIC", + "TITLE": "TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Data Science - Workbench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica - Estore Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica Trial", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Science - Workbench versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica - Estore Edition versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica Trial versions 14.0.0 and below: update to version 14.0.1 or later" + } + ], + "source": { + "discovery": "Internal" + } +} diff --git a/2022/30xxx/CVE-2022-30576.json b/2022/30xxx/CVE-2022-30576.json index a91a001736d..56f9c8c39d9 100644 --- a/2022/30xxx/CVE-2022-30576.json +++ b/2022/30xxx/CVE-2022-30576.json @@ -1,18 +1,123 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-30576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2022-08-16T17:00:00Z", + "ID": "CVE-2022-30576", + "STATE": "PUBLIC", + "TITLE": "TIBCO Statistica Stored Cross Site Scripting (XSS) Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Data Science - Workbench", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica - Estore Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Statistica Trial", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "14.0.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Science - Workbench versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica - Estore Edition versions 14.0.0 and below: update to version 14.0.1 or later\nTIBCO Statistica Trial versions 14.0.0 and below: update to version 14.0.1 or later" + } + ], + "source": { + "discovery": "Internal" + } +}